Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
0cc045d
Merge pull request #4 from OWASP/master
Aarush289 Jan 20, 2026
2a32fe2
Merge pull request #8 from OWASP/master
Aarush289 Feb 5, 2026
4090ae3
Merge pull request #9 from OWASP/master
Aarush289 Feb 8, 2026
2a0b83e
Add FortiWeb authentication bypass vulnerability check
Aarush289 Feb 10, 2026
b1ffe4e
Remove FortiWeb auth bypass vulnerability entry
Aarush289 Feb 10, 2026
6db5ee7
Fix vulnerability name in wp_plugin_cve_2021_38314.yaml
Aarush289 Feb 10, 2026
6fd226a
Rename CVE identifier from 39314 to 39320
Aarush289 Feb 10, 2026
03675d5
Merge pull request #10 from OWASP/master
Aarush289 Feb 12, 2026
0d3399e
Merge pull request #13 from OWASP/master
Aarush289 Feb 18, 2026
ace2db9
Merge pull request #14 from OWASP/master
Aarush289 Feb 23, 2026
0711d39
Merge pull request #16 from OWASP/master
Aarush289 Mar 3, 2026
0857127
Merge pull request #18 from OWASP/master
Aarush289 Mar 8, 2026
44a9ae6
Merge pull request #19 from OWASP/master
Aarush289 Mar 20, 2026
95ac772
Merge pull request #20 from OWASP/master
Aarush289 Apr 9, 2026
5d5201e
Merge remote-tracking branch 'upstream/master'
Aarush289 Apr 25, 2026
b03d8bc
Merge pull request #22 from OWASP/master
Aarush289 May 25, 2026
ef3e0c8
Added new vulnerability module
Aarush289 Jun 3, 2026
9534402
regex modified to correctly identify vulnerability
Aarush289 Jun 23, 2026
f708d01
Merge branch 'master' into CVE-2026-27176
Aarush289 Jun 23, 2026
fb747a2
fix reegx
Aarush289 Jun 23, 2026
0f63d8c
Merge branch 'master' into CVE-2026-27176
securestep9 Jun 25, 2026
73a41f9
fix the regex
Aarush289 Jun 30, 2026
3a27479
Merge branch 'master' into CVE-2026-27176
Aarush289 Jun 30, 2026
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions docs/Modules.md
Original file line number Diff line number Diff line change
Expand Up @@ -216,6 +216,7 @@ If you want to scan all ports please define -g 1-65535 range. Otherwise Nettacke
- '**justwriting_cve_2021_41878_vuln**' – check the target for JustWriting CVE-2021-41878
- '**langflow_cve_2025_3248_vuln**' - check the target for Langflow CVE-2025-3248 vulnerability
- '**log4j_cve_2021_44228_vuln**' – check the target for Log4Shell CVE-2021-44228 vulnerability
- '**majordomo_xss_cve_2026_27176_vuln**' – check MajorDoMo reflected XSS vulnerability CVE-2026-27176
- '**maxsite_cms_cve_2021_35265_vuln**' – check the target for MaxSite CMS CVE-2021-35265
- '**memos_cve_2025_22952_ssrf_vuln**' – check vulnerable Memos markdown metadata endpoint CVE-2025-22952
- '**meteobridge_cve_2025_4008_vuln**' - check for MeteoBridge unauthenticated command injection CVE-2025-4008
Expand Down
57 changes: 57 additions & 0 deletions nettacker/modules/vuln/majordomo_xss_cve_2026_27176.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
info:
name: majordomo_xss_cve_2026_27176_vuln
author: OWASP Nettacker Team
severity: 6.1
description: Reflected Cross-Site Scripting (XSS) vulnerability in MajorDoMo command.php via the qry parameter. An attacker can inject arbitrary JavaScript that is reflected in the response and executed in the victim's browser.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2026-27176
profiles:
- vuln
- http
- medium_severity
- cve2026
- cve
- majordomo
- xss

payloads:
- library: http
steps:
- method: get
timeout: 3
headers:
User-Agent: "{user_agent}"
allow_redirects: false
ssl: false
url:
nettacker_fuzzer:
input_format: "{{schema}}://{target}:{{ports}}/{{paths}}"
prefix: ""
suffix: ""
interceptors:
data:
schema:
- "http"
- "https"
ports:
- 80
- 443
paths:
- command.php?qry=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(document.domain)%3E

response:
condition_type: and
conditions:
status_code:
regex: '200'
reverse: false

headers:
Content-Type:
regex: text/html
reverse: false

content:
regex: |
(?s)(?=.*Command:)(?=.*\">\x3Cimg src=x onerror=alert\(document\.domain\)\x3E)
reverse: false
Loading