id: vmware-cloud-xss info: name: VMWare Cloud - Cross Site Scripting author: tess severity: medium description: VMWare Cloud is vulnerable to Reflected Cross Site Scripting vulnerability. classification: cpe: cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: vmware product: cloud_foundation shodan-query: title:"Vmware Cloud" tags: vmware,xss,cloud http: - method: GET path: - '{{BaseURL}}/login/?redirectTo=/tenant/e&service=' matchers-condition: and matchers: - type: word part: body words: - '' - 'let tokens = "' condition: and - type: word part: header words: - 'text/html' - type: status status: - 200 # digest: 4a0a004730450220357b6d1b927f2e4ca9476dfbaba2a263bafdef886d9dd6b5e31565dc57089455022100db6c40b7c4f3b42177e764b3c3f09f44c25e4e30ae4f9884d906f0bc4c16e303:922c64590222798bb761d5b6d8e72950