nuclei-templates/http/cves/2023/CVE-2023-1362.yaml

35 lines
1.1 KiB
YAML
Raw Normal View History

2023-06-02 18:15:08 +00:00
id: CVE-2023-1362
info:
name: unilogies/bumsys < v2.0.2 - Clickjacking
author: ctflearner
severity: medium
description: |
This template checks for the presence of clickjacking prevention headers in the HTTP response, aiming to identify vulnerabilities related to the improper restriction of rendered UI layers or frames in the GitHub repository unilogies/bumsys prior to version 2.0.2.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2023-1362
- https://huntr.dev/bounties/e5959166-c8ef-4ada-9bb1-0ff5a9693bac/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-1362
cwe-id: CWE-1021
cpe: cpe:2.3:a:bumsys_project:bumsys:*:*:*:*:*:*:*:*
metadata:
2023-06-02 18:17:11 +00:00
max-request: 1
2023-06-02 18:15:08 +00:00
verified: "true"
tags: cve,cve2023,bumsys,clickjacking
http:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: dsl
dsl:
- "status_code_1 == 200"
- "!regex('X-Frame-Options', all_headers)"
- "contains(body, 'BUM</b>Sys</a>')"
condition: and