daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5422 from projectdiscovery/fp-fix-CVE-2022-31373 

Update CVE-2022-31373.yaml
patch-1
Ritik Chaddha 2022-09-20 21:37:23 +05:30 committed by GitHub
parent 5d78e34674 2dd593253e
commit a96e66a9dd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
cves/2022/CVE-2022-31373.yaml
View File

@ -1,22 +1,19 @@
id: CVE-2022-31373
info:
name: SolarView Compact 6.00 - Cross-Site Scripting
name: SolarView Compact 6.00 - Cross-Site Scripting(XSS)
author: ritikchaddha
severity: medium
description: |
SolarView Compact 6.00 contains a cross-site scripting vulnerability via the Solar_AiConf.php component.
SolarView Compact v6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Solar_AiConf.php.
reference:
- https://github.com/badboycxcc/SolarView_Compact_6.0_xss
- https://nvd.nist.gov/vuln/detail/CVE-2022-31373
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-31373
cwe-id: CWE-79
metadata:
verified: true
shodan-query: http.html:"SolarView Compact"
verified: "true"
tags: cve,cve2022,xss,solarview
requests:
@ -30,6 +27,8 @@ requests:
part: body
words:
- '/Solar_AiConf.php/"><script>alert(document.domain)</script>'
- 'HREF="Solar_Service.php"'
condition: and
- type: word
part: header
@ -39,5 +38,3 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/14