By kannthu
The "Oracle Siebel Loyalty 8.1 - Cross-Site Scripting" module is designed to detect a vulnerability in Oracle Siebel Loyalty software. This vulnerability allows remote unauthenticated attackers to inject arbitrary JavaScript code into the responses returned by the '/loyalty_enu/s' endpoint. The severity of this vulnerability is classified as high, with a CVSS score of 7.2.
This module was authored by dhiyaneshDK.
If exploited, this vulnerability can lead to cross-site scripting (XSS) attacks. By injecting malicious JavaScript code into the responses, attackers can potentially steal sensitive user information, manipulate website content, or perform other malicious actions.
The module works by sending a GET request to the '/loyalty_enu/start.swe/%3E%22%3E%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' endpoint. It then applies several matching conditions to determine if the vulnerability exists:
- The response must contain the string "</script><script>alert(document.domain)</script>"
- The response header must contain the string "text/html"
- The response status code must be 200

If all the matching conditions are met, the module reports the vulnerability.
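The matching logic above, as an added example that is not the Vidoc module's or dhiyaneshDK's own code: `matches_module` applies the three conditions the page lists to one HTTP response, and `render_page` is a constructed stand-in for a page that echoes user-controlled text, once verbatim (the vulnerable behaviour the matcher fires on) and once HTML-escaped (the fix, which the matcher correctly does not flag). Function names, the sample responses and the `Content-Type` values are assumptions made for this illustration; nothing here sends a request.

```python
import html

# The module's three matcher conditions, taken from the description above.
EXPECTED_FRAGMENT = "</script><script>alert(document.domain)</script>"
EXPECTED_CONTENT_TYPE = "text/html"
EXPECTED_STATUS = 200


def matches_module(status: int, headers: dict, body: str) -> bool:
    """Apply the module's matching conditions to one HTTP response.

    All three must hold. Header names are compared case-insensitively,
    since HTTP header names are not case-sensitive.
    """
    content_type = next(
        (v for k, v in headers.items() if k.lower() == "content-type"), ""
    )
    return (
        status == EXPECTED_STATUS
        and EXPECTED_CONTENT_TYPE in content_type
        and EXPECTED_FRAGMENT in body
    )


def render_page(reflected: str, escape: bool) -> str:
    """Constructed stand-in (not Siebel's real output) for a page that echoes
    a user-controlled string into an HTML body context.

    escape=False reproduces the vulnerable behaviour: the string lands in the
    page verbatim, so a caller-supplied script tag becomes live markup.
    escape=True applies output encoding, the standard fix for reflected XSS.
    """
    value = html.escape(reflected, quote=True) if escape else reflected
    return f"<html><body><p>Requested: {value}</p></body></html>"


def evaluate(escape: bool) -> bool:
    """Run the matcher against the constructed page.

    The reflected string is the fragment the module looks for, standing in
    for the decoded portion of the request path that the application echoes.
    """
    body = render_page(EXPECTED_FRAGMENT, escape=escape)
    headers = {"Content-Type": "text/html; charset=UTF-8"}  # constructed header
    return matches_module(200, headers, body)


def evaluate_non_html() -> bool:
    """A JSON endpoint that echoes the same string is not flagged, because the
    text/html condition fails: the matcher is deliberately narrow."""
    body = '{"path": "' + EXPECTED_FRAGMENT + '"}'
    headers = {"content-type": "application/json"}  # constructed header
    return matches_module(200, headers, body)


if __name__ == "__main__":
    print("verbatim reflection flagged:", evaluate(escape=False))
    print("escaped reflection flagged: ", evaluate(escape=True))
    print("JSON echo flagged:          ", evaluate_non_html())
```

The escaped variant turns `<` and `>` into `&lt;` and `&gt;`, so the literal `</script><script>…</script>` never appears in the body and the matcher stays quiet; that is the behaviour a patched or correctly encoding deployment should show when this module runs against it.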