Description:
Carel pCOWeb prior to B1.2.4 is vulnerable to stored cross-site scripting, as demonstrated by the config/pw_snmp.html “System contact” field.
Nuclei Template
View the template here CVE-2019-11370.yaml
Validate with Nuclei
echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2019/CVE-2019-11370.yaml
References:
https://github.com/nepenthe0320/cve_poc/blob/master/CVE-2019-11370https://github.com/ARPSyndicate/kenzer-templates
https://www.exploit-db.com/exploits/46897
https://nvd.nist.gov/vuln/detail/CVE-2019-11370