.. / CVE-2019-20141

Exploit for WordPress Laborator Neon Theme 2.0 - Cross-Site Scripting (CVE-2019-20141)

Description:

WordPress Laborator Neon theme 2.0 contains a cross-site scripting vulnerability via the data/autosuggest-remote.php q parameter.

Nuclei Template

View the template here CVE-2019-20141.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2019/CVE-2019-20141.yaml
Copy

References:

https://knassar702.github.io/cve/neon/
https://nvd.nist.gov/vuln/detail/CVE-2019-20141
https://knassar7o2.blogspot.com/2019/12/neon-dashboard-cve-2019-20141.html
https://github.com/ARPSyndicate/kenzer-templates
https://knassar7o2.blogspot.com/2019/12/neon-dashboard-xss-reflected.html