nuclei-templates/file/nodejs/xss-serialize-javascript.yaml

27 lines
857 B
YAML

id: xss-serialize-javascript
info:
name: XSS Serialize Javascript
author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
severity: info
description: Untrusted user input reaching `serialize-javascript` with `unsafe` attribute can cause Cross Site Scripting (XSS).
tags: file,nodejs,serialize,xss
file:
- extensions:
- all
matchers:
- type: regex
regex:
- "require\\('serialize-javascript'\\)"
- "\\$S\\(\\.\\*?, \\{unsafe: true\\}\\)"
condition: or
- type: regex
negative: true
regex:
- "escape\\(.*?\\)"
- "encodeURI\\(.*?\\)"
condition: or
# digest: 4b0a00483046022100c969127d5164e847745c08918d013ec03653d1ebd3df975a2ebba346eabc86ca022100eb6452e18b4c019fede7e45505c43395c0a854ec7842beb502dfed933b126877:922c64590222798bb761d5b6d8e72950