.. / CVE-2013-2287

Exploit for WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting (CVE-2013-2287)

Description:

Multiple cross-site scripting vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter.

Nuclei Template

View the template here CVE-2013-2287.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2013/CVE-2013-2287.yaml

References:

https://github.com/d4n-sec/d4n-sec.github.io
https://nvd.nist.gov/vuln/detail/CVE-2013-2287
https://github.com/ARPSyndicate/kenzer-templates
https://www.dognaedis.com/vulns/DGS-SEC-16.html

.. / CVE-2013-2287 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting (CVE-2013-2287)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2013-2287