CVE-2013-6281 PoC — WordPress Spreadsheet插件‘page’参数跨站脚本漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2013/CVE-2013-6281.yaml

Associated Vulnerability

Title:WordPress Spreadsheet插件‘page’参数跨站脚本漏洞 (CVE-2013-6281)
Description:WordPress是WordPress软件基金会的一套使用PHP语言开发的博客平台，该平台支持在PHP和MySQL的服务器上架设个人博客网站。Spreadsheet（又名dhtmlxSpreadsheet）是其中的一个HTML表格生成插件，类似Excel效果，可对单元格进行编辑、排序等操作。 WordPress的Spreadsheet(dhtmlxSpreadsheet)插件2.0版本中的codebase/spreadsheet.php脚本中存在跨站脚本漏洞。远程攻击者可借助‘page’参数利用该漏洞注入

Description

WordPress Spreadsheet plugin contains a reflected cross-site scripting vulnerability in /dhtmlxspreadsheet/codebase/spreadsheet.php.

File Snapshot


 id: CVE-2013-6281

info:
  name: WordPress Spreadsheet - Cross-Site Scripting
  author: random-robbi

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!