Skip to content

add CVE-2024-3378 (vKEV)#13284

Merged
princechaddha merged 6 commits intomainfrom
unknown repository
Sep 17, 2025
Merged

add CVE-2024-3378 (vKEV)#13284
princechaddha merged 6 commits intomainfrom
unknown repository

Conversation

@ghost
Copy link
Copy Markdown

@ghost ghost commented Sep 16, 2025

i send mail

I've validated this template locally?

  • YES
  • NO

Additional Details (leave it blank if not applicable)

Additional References:

@DhiyaneshGeek DhiyaneshGeek added the Done Ready to merge label Sep 16, 2025
@DhiyaneshGeek DhiyaneshGeek requested review from pussycat0x and removed request for DhiyaneshGeek September 16, 2025 22:20
@princechaddha
Copy link
Copy Markdown
Member

princechaddha commented Sep 17, 2025

Hello @halil-s4e , thank you so much for sharing this template with the community and contributing to this project 🍻

I have updated CVE-2024-3378 by converting the second matcher to DSL format and added the vkev tag. The XSS payload was removed to make the detection less intrusive - instead of injecting actual script tags that could trigger security controls or cause unintended effects, the template now uses a harmless marker (</{{randstr}}>) that still effectively detects the stored XSS vulnerability by checking if user input is reflected in the response

@princechaddha princechaddha merged commit 7587d5c into projectdiscovery:main Sep 17, 2025
3 checks passed
@algora-pbc
Copy link
Copy Markdown

algora-pbc Bot commented Sep 18, 2025

🎉🎈 @halil-s4e has been awarded $200 by ProjectDiscovery! 🎈🎊

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pussycat0x pussycat0x Awaiting requested review from pussycat0x

Assignees

@DhiyaneshGeek DhiyaneshGeek

Labels

Done Ready to merge 💰 Rewarded

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@princechaddha @DhiyaneshGeek @pussycat0x