admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-01-31 15:53:33 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
d58633485a9d84f284aeb27bb9ab9bb36c52c67e
nuclei-templates/file/nodejs/xss-serialize-javascript.yaml
Prince Chaddha df72420cb0 Create xss-serialize-javascript.yaml
2022-12-22 16:33:46 +05:30

27 lines
661 B
YAML
Raw Blame History

id: xss-serialize-javascript
info:
name: XSS Serialize Javascript
author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
severity: info
description: Untrusted user input reaching `serialize-javascript` with `unsafe` attribute can cause Cross Site Scripting (XSS).
tags: file,nodejs,serialize,xss
file:
- extensions:
- all
matchers:
- type: regex
regex:
- "\\$S = require\\('serialize-javascript'\\)"
- "\\$S\\(..., {unsafe: true}\\)"
condition: or
- type: regex
negative: true
regex:
- "escape\\(...\\)"
- "encodeURI\\(...\\)"
condition: or
Reference in New Issue View Git Blame Copy Permalink