DATABASE RESOURCES PRICING ABOUT US

{"id": "OPENVAS:1361412562310112765", "type": "openvas", "bulletinFamily": "scanner", "title": "WordPress Elementor Page Builder Plugin < 2.9.9 Multiple XSS Vulnerabilities", "description": "The WordPress plugin Elementor Page Builder is prone to multiple cross-site scripting (XSS) vulnerabilities.", "published": "2020-06-10T00:00:00", "modified": "2020-06-10T00:00:00", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112765", "reporter": "Copyright (C) 2020 Greenbone Networks GmbH", "references": ["https://wordpress.org/plugins/elementor/#developers", "https://www.softwaresecured.com/elementor-page-builder-stored-xss/"], "cvelist": ["CVE-2020-13864", "CVE-2020-13865"], "lastseen": "2020-06-11T15:57:56", "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-13864", "CVE-2020-13865"]}, {"type": "wpexploit", "idList": ["WPEX-ID:31659B56-2046-4BE8-887F-A016DA138595"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:31659B56-2046-4BE8-887F-A016DA138595"]}], "rev": 4}, "score": {"value": -0.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2020-13864", "CVE-2020-13865"]}, {"type": "wpexploit", "idList": ["WPEX-ID:31659B56-2046-4BE8-887F-A016DA138595"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:31659B56-2046-4BE8-887F-A016DA138595"]}]}, "exploitation": null, "vulnersScore": -0.1}, "pluginID": "1361412562310112765", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112765\");\n script_version(\"2020-06-10T10:11:55+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-10 10:11:55 +0000 (Wed, 10 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-10 10:06:00 +0000 (Wed, 10 Jun 2020)\");\n script_tag(name:\"cvss_base\", value:\"3.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2020-13864\", \"CVE-2020-13865\");\n\n script_name(\"WordPress Elementor Page Builder Plugin < 2.9.9 Multiple XSS Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_wordpress_plugin_http_detect.nasl\");\n script_mandatory_keys(\"elementor/detected\");\n\n script_tag(name:\"summary\", value:\"The WordPress plugin Elementor Page Builder is prone to multiple cross-site scripting (XSS) vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An author user can create posts that result in stored XSS by using a crafted payload in custom links,\n using a crafted link in the custom URL or by applying custom attributes.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation would allow an authenticated attacker to\n inject arbitrary HTML or JavaScript into the site.\");\n\n script_tag(name:\"affected\", value:\"WordPress Elementor Page Builder plugin before version 2.9.9.\");\n\n script_tag(name:\"solution\", value:\"Update to version 2.9.9 or later.\");\n\n script_xref(name:\"URL\", value:\"https://wordpress.org/plugins/elementor/#developers\");\n script_xref(name:\"URL\", value:\"https://www.softwaresecured.com/elementor-page-builder-stored-xss/\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:elementor:elementor_page_builder\";\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! port = get_app_port( cpe: CPE ) ) exit( 0 );\nif( ! infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) ) exit( 0 );\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif( version_is_less( version: vers, test_version: \"2.9.9\" ) ) {\n report = report_fixed_ver( installed_version: vers, fixed_version: \"2.9.9\", install_path: path );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nexit( 99 );\n", "naslFamily": "Web application abuses", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645552965, "score": 1659818015}, "_internal": {"score_hash": "3903fb9112b2fef6fb8def56ca6606b5"}}

{"wpvulndb": [{"lastseen": "2021-02-15T22:21:34", "bulletinFamily": "software", "cvelist": ["CVE-2020-13864", "CVE-2020-13865"], "description": "The Elementor Page Builder plugin is susceptible to stored XSS. An author user can create custom links containing XSS payloads or apply custom attributes to widgets which results in XSS.\n\n### PoC\n\njavascript:alert(1), JaVaScript:alert(1), javas cript:alert(1) \n", "modified": "2020-06-06T05:00:09", "published": "2020-06-05T00:00:00", "id": "WPVDB-ID:31659B56-2046-4BE8-887F-A016DA138595", "href": "https://wpscan.com/vulnerability/31659b56-2046-4be8-887f-a016da138595", "type": "wpvulndb", "title": "Elementor Page Builder < 2.9.10 - Authenticated Stored XSS", "sourceData": "", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "wpexploit": [{"lastseen": "2021-02-15T22:21:34", "bulletinFamily": "exploit", "cvelist": ["CVE-2020-13864", "CVE-2020-13865"], "description": "The Elementor Page Builder plugin is susceptible to stored XSS. An author user can create custom links containing XSS payloads or apply custom attributes to widgets which results in XSS.\n", "modified": "2020-06-06T05:00:09", "published": "2020-06-05T00:00:00", "id": "WPEX-ID:31659B56-2046-4BE8-887F-A016DA138595", "href": "", "type": "wpexploit", "title": "Elementor Page Builder < 2.9.10 - Authenticated Stored XSS", "sourceData": "javascript:alert(1), JaVaScript:alert(1), javas\tcript:alert(1)\r\n\r\n<style>@keyframes x{}</style><div style=\"animation-name:x\" onanimationend=\"alert(1)\"></div>", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2022-03-23T12:57:56", "description": "The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links.", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2020-06-05T22:15:00", "type": "cve", "title": "CVE-2020-13864", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13864"], "modified": "2020-06-09T17:57:00", "cpe": [], "id": "CVE-2020-13864", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13864", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2022-03-23T12:57:59", "description": "The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes.", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2020-06-05T22:15:00", "type": "cve", "title": "CVE-2020-13865", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13865"], "modified": "2020-06-09T18:10:00", "cpe": [], "id": "CVE-2020-13865", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13865", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cpe23": []}]}