.. / CVE-2013-3526

Exploit for WordPress Plugin Traffic Analyzer - 'aoid' Cross-Site Scripting (CVE-2013-3526)

Description:

A cross-site scripting vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter.”

Nuclei Template

View the template here CVE-2013-3526.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2013/CVE-2013-3526.yaml

References:

https://exchange.xforce.ibmcloud.com/vulnerabilities/83311
http://packetstormsecurity.com/files/121167/WordPress-Traffic-Analyzer-Cross-Site-Scripting.html
https://nvd.nist.gov/vuln/detail/CVE-2013-3526
https://github.com/ARPSyndicate/kenzer-templates
https://github.com/d4n-sec/d4n-sec.github.io

.. / CVE-2013-3526 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for WordPress Plugin Traffic Analyzer - 'aoid' Cross-Site Scripting (CVE-2013-3526)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2013-3526