Merge pull request #80 from whoissecure/whoissecure-patch-1

Update CVE-2023-24488 - Avoid false positives
PortSwigger · Aug 10, 2023 · 7d9fd04 · 7d9fd04
2 parents c21a7e2 + 91c0590
commit 7d9fd04
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/vulnerabilities-CVEd/CVE-2023-24488 - Citrix Gateway Open Redirect and XSS.bcheck b/vulnerabilities-CVEd/CVE-2023-24488 - Citrix Gateway Open Redirect and XSS.bcheck
@@ -14,7 +14,7 @@ given host then
         method: "GET"
         path: {potential_path}
 
-    if "document.cookie" in {check.response.body} then
+    if "<script>alert(document.cookie)</script>" in {check.response.body} then
         report issue:
             severity: medium
             confidence: certain