wpexploit | Frank Liauw | WPEX-ID:0B547728-27D2-402E-AE17-90D539344EC7
History: Apr 16, 2021 - 12:00 a.m.

Outdated php-mod/curl Library - Unauthenticated Reflected Cross-Site Scripting (XSS)


EPSS: 0.001 (percentile: 38.2%)

The original submission stated that the HT Slider Range for Amazon affiliates plugin for WordPress had a reflected XSS vulnerability. After investigation (WPScanTeam), the cause was found to be test files from the php-mod/curl library, which were missing appropriate response headers before outputting user input. We contacted the vendor of the library, which issued a fix (v2.3.2) within a few hours. In the meantime, the entire WordPress plugins repository was scanned for the affected files, and 4 additional plugins were identified as affected as well.

https://<lib-location>/tests/server/php-curl-test/post_file_path_upload.php?key=%3cimg%20src%20onerror%3dalert(%27XSS%27)%3e

curl -X POST -i --data '<script>alert(/XSS/)</script>' https://<lib-location>/tests/server/php-curl-test/post_multidimensional.php
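
A defensive check in the spirit of the repository scan described above, as an added example that is not part of the original advisory: it lists installed plugins that ship files under the `tests/server/php-curl-test/` path seen in the proof-of-concept URLs. The function names and the plugin-root argument are assumptions about the local setup.

```shell
#!/bin/sh
# Added example: find php-mod/curl test endpoints bundled inside plugins.
# The path suffix is taken from the proof-of-concept URLs in the advisory;
# the directory passed in (e.g. wp-content/plugins) is an assumption.

find_curl_test_files() {
    # $1: directory to scan. Prints every PHP file that sits in a
    # tests/server/php-curl-test/ directory, wherever the library is vendored.
    find "$1" -type f -path '*/tests/server/php-curl-test/*.php' 2>/dev/null | sort
}

report_affected_plugins() {
    # $1: plugin root. Prints the top-level plugin directory of each hit,
    # de-duplicated, so the output is a list of plugins to update or clean.
    root=${1%/}
    find_curl_test_files "$root" | while IFS= read -r f; do
        rel=${f#"$root"/}          # path relative to the plugin root
        printf '%s\n' "${rel%%/*}" # first component is the plugin name
    done | sort -u
}

# Scan only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    report_affected_plugins "$1"
fi
```

Any plugin it reports still carries the library's test scripts in a web-reachable location; updating the bundled library to the fixed release (v2.3.2) or deleting the `tests` directory removes the exposure.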
