Exploit for WordPress SagePay Server Gateway for WooCommerce <1.0.9 - Cross-Site Scripting (CVE-2018-5316)

Description:

WordPress SagePay Server Gateway for WooCommerce before 1.0.9 is vulnerable to cross-site scripting via the page parameter of includes/pages/redirect.php.

Nuclei Template

View the template here: CVE-2018-5316.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2018/CVE-2018-5316.yaml

References:

https://wordpress.org/support/topic/sagepay-server-gateway-for-woocommerce-1-0-7-cross-site-scripting/#post-9792337
https://wordpress.org/plugins/sagepay-server-gateway-for-woocommerce/#developers
https://nvd.nist.gov/vuln/detail/CVE-2018-5316
https://packetstormsecurity.com/files/145459/WordPress-Sagepay-Server-Gateway-For-WooCommerce-1.0.7-XSS.html
https://github.com/ARPSyndicate/kenzer-templates