Update CVE-2023-24488 - Citrix Gateway Open Redirect and XSS.bcheck

This will avoid false positives due to the fact that some 404 status pages returns the introduced parameter encoding the "<" and ">" characters, but not the ".", so "document.cookie" appears but the rest of the payload is as introduced, "%3Cscript%3Ealert(document.cookie)%3C/script%3e".
PortSwigger · Aug 9, 2023 · 91c0590 · 91c0590
1 parent c21a7e2
commit 91c0590
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/vulnerabilities-CVEd/CVE-2023-24488 - Citrix Gateway Open Redirect and XSS.bcheck b/vulnerabilities-CVEd/CVE-2023-24488 - Citrix Gateway Open Redirect and XSS.bcheck
@@ -14,7 +14,7 @@ given host then
         method: "GET"
         path: {potential_path}
 
-    if "document.cookie" in {check.response.body} then
+    if "<script>alert(document.cookie)</script>" in {check.response.body} then
         report issue:
             severity: medium
             confidence: certain