Exploit for CRM Perks Forms < 1.1.1 - Cross Site Scripting (CVE-2022-38467)

Description:

The plugin does not sanitise and escape some parameters from a sample file before outputting them back in the page, leading to Reflected Cross-Site Scripting.

Nuclei Template

View the template here: CVE-2022-38467.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-38467.yaml

References:

https://github.com/ARPSyndicate/cvemon
https://wpscan.com/vulnerability/4b128c9c-366e-46af-9dd2-e3a9624e3a53
https://nvd.nist.gov/vuln/detail/CVE-2022-38467
https://patchstack.com/database/vulnerability/crm-perks-forms/wordpress-crm-perks-forms-plugin-1-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
https://wordpress.org/plugins/crm-perks-forms/