By kannthu
The "Adobe Experience Manager - Cross-Site Scripting" module is designed to detect a cross-site scripting vulnerability in Adobe Experience Manager (AEM). AEM is a content management system that allows users to create, manage, and deliver digital experiences across various channels.
The vulnerability this module detects is classified as high severity. It is important to address it promptly to prevent potential attacks.
This module was authored by dhiyaneshDk.
A cross-site scripting vulnerability in AEM can allow attackers to inject malicious scripts into web pages viewed by users. This can lead to various security risks, such as unauthorized access to sensitive information, session hijacking, and defacement of websites.
It is crucial to address this vulnerability to protect the integrity and security of the AEM platform and the websites it powers.
The "Adobe Experience Manager - Cross-Site Scripting" module works by sending HTTP requests to the AEM platform and analyzing the responses for specific conditions.
One example of an HTTP request used by this module is:
GET /etc/designs/xh1x.childrenlist.json//<svg onload=alert(document.domain)>.html
This request targets the "xh1x.childrenlist.json" file and includes a payload that triggers a cross-site scripting vulnerability.
The module uses matching conditions to identify if the vulnerability is present. The conditions include:
- The presence of the payload "<svg onload=alert(document.domain)>" and the partial path "/etc/designs/xh1x.childrenlist.json" in the response.
- The response header containing the word "text/html".
- The response status code being 200.
By analyzing the responses based on these conditions, the module can determine if the cross-site scripting vulnerability exists in the AEM platform.
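The three matching conditions above, written as an offline check over constructed responses. This is an added example, not the module's own code; the function names and the sample responses are assumptions made for illustration.

```python
# Added example: the module's three matching conditions as an offline check.
PAYLOAD = "<svg onload=alert(document.domain)>"        # payload quoted on the page
PARTIAL_PATH = "/etc/designs/xh1x.childrenlist.json"   # partial path quoted on the page


def matches(status, headers, body):
    """Return True only when all three conditions listed on the page hold."""
    # Condition 1: payload and partial path both appear verbatim in the body.
    reflected = PAYLOAD in body and PARTIAL_PATH in body
    # Condition 2: the word "text/html" appears somewhere in the response headers.
    header_blob = "\n".join(f"{name}: {value}" for name, value in headers.items())
    served_as_html = "text/html" in header_blob
    # Condition 3: the status code is 200.
    return reflected and served_as_html and status == 200


# Constructed sample responses (not captured from a real server).
SAMPLES = {
    "raw reflection as HTML": (
        200, {"Content-Type": "text/html;charset=utf-8"},
        f"Invalid path {PARTIAL_PATH}//{PAYLOAD}.html"),
    "HTML-encoded reflection": (
        200, {"Content-Type": "text/html"},
        f"Invalid path {PARTIAL_PATH}//&lt;svg onload=alert(document.domain)&gt;.html"),
    "raw reflection served as JSON": (
        200, {"Content-Type": "application/json"},
        f'{{"path": "{PARTIAL_PATH}//{PAYLOAD}.html"}}'),
    "request rejected": (
        404, {"Content-Type": "text/html"},
        f"Not found: {PARTIAL_PATH}//{PAYLOAD}.html"),
}


def evaluate_samples():
    """Run the check over every constructed sample and return label -> bool."""
    return {label: matches(*response) for label, response in SAMPLES.items()}


if __name__ == "__main__":
    for label, hit in evaluate_samples().items():
        print(f"{label}: {'MATCH' if hit else 'no match'}")
```

Only the first sample satisfies all three conditions. The HTML-encoded and JSON-typed samples show responses in which the payload is echoed back but the check stays negative.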