.. / CVE-2013-4117

Exploit for WordPress Plugin Category Grid View Gallery 2.3.1 - Cross-Site Scripting (CVE-2013-4117)

Description:

A cross-site scripting vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter.

Nuclei Template

View the template here CVE-2013-4117.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2013/CVE-2013-4117.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2013-4117
http://exploit.iedb.ir/exploits-177.html
http://seclists.org/bugtraq/2013/Jul/17
http://packetstormsecurity.com/files/122259/WordPress-Category-Grid-View-Gallery-XSS.html
http://openwall.com/lists/oss-security/2013/07/11/11

.. / CVE-2013-4117 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for WordPress Plugin Category Grid View Gallery 2.3.1 - Cross-Site Scripting (CVE-2013-4117)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2013-4117