CVE-2023-30212
Published 2023-04-26
CVE-2023-30212: OURPHP <= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.
Priority: P3 · 42 · medium · 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploit
EPSS: 8.12% (94.1th percentile)
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ourphp | ourphp | <= 7.2.0 | — |
Detection & IOCs (extracted from sources)
sigma
```yaml
matchers-condition: and
matchers:
  - type: word
    part: body
    words:
      - "location.href='../..alert(document.domain)'"
  - type: word
    part: header
    words:
      - "text/html"
  - type: status
    status:
      - 200
```
- Detect XSS exploitation attempts against OURPHP by looking for the reflected payload string `location.href='../..alert(document.domain)'` in HTTP response bodies to requests targeting /client/manage/ourphp_out.php.
- Alert on HTTP 200 responses with Content-Type text/html containing the XSS payload string, indicating successful reflection of the injected script.
- Vulnerability affects OURPHP versions 7.2.0 and below; ensure detection rules are scoped to environments running these versions.
No detection rules found.
Nuclei
OURPHP <= 7.2.0 - Cross Site Scripting
nuclei · CVSS 6.1
CVE-2023-30212 [MEDIUM] OURPHP <= 7.2.0 - Cross Site Scripting
OURPHP alert(document.domain)"
```yaml
matchers-condition: and
matchers:
  - type: word
    part: body
    words:
      - "location.href='../..alert(document.domain)'"
  - type: word
    part: header
    words:
      - "text/html"
  - type: status
    status:
      - 200
# digest: 4a0a00473045022100ab3df52bb65365fb2f5a9bc9780f0fa71fc2775d8ea4bccb0483453769c4cd7602205b53b93ebf2269862210c83a9eba3c3f332f742c64b3d2ae98680a31f7eec596:922c64590222798bb761d5b6d8e72950
```
No writeups or analysis indexed.
Published: 2023-04-26