Delete CVE-2022-30072.yaml
Arafat Ansari
GitHub
parent
5c96e67f86
commit
e962675cc3
|
|
@ -1,45 +0,0 @@
|
|||
{\rtf1\ansi\ansicpg1252\cocoartf2638
|
||||
\cocoatextscaling0\cocoaplatform0{\fonttbl\f0\fmodern\fcharset0 Courier;}
|
||||
{\colortbl;\red255\green255\blue255;\red0\green0\blue0;\red255\green255\blue255;}
|
||||
{\*\expandedcolortbl;;\cssrgb\c0\c1\c1;\cssrgb\c100000\c100000\c99985;}
|
||||
\paperw11900\paperh16840\margl1440\margr1440\vieww28600\viewh16380\viewkind0
|
||||
\deftab720
|
||||
\pard\pardeftab720\partightenfactor0
|
||||
|
||||
\f0\fs26 \cf2 \expnd0\expndtw0\kerning0
|
||||
id: CVE-2022-30072\
|
||||
\
|
||||
info:\
|
||||
name: WBCE CMS v1.5.2 XSS Stored\
|
||||
author: arafatansari\
|
||||
severity: medium\
|
||||
description: |\
|
||||
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via \\admin\\pages\\sections_save.php namesection2 parameters.\
|
||||
reference:\
|
||||
- https://github.com/APTX-4879/CVE\
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30072\
|
||||
metadata:\
|
||||
verified: true\
|
||||
tags: wbcecms,xss\
|
||||
\
|
||||
requests:\
|
||||
- method: POST\
|
||||
path:\
|
||||
- "\{\{BaseURL\}\}\\admin\\pages\\sections_save.php\'94\
|
||||
\
|
||||
matchers-condition: and\
|
||||
matchers:\
|
||||
- type: word\
|
||||
part: body\
|
||||
words:\
|
||||
- "<script>alert(document.domain)</script>"\
|
||||
\
|
||||
- type: word\
|
||||
part: header\
|
||||
words:\
|
||||
- text/html\
|
||||
\
|
||||
- type: status\
|
||||
status:\
|
||||
- 200\
|
||||
}
|
||||
Loading…
Reference in New Issue