From 91c05909d52eadb9214c31ee4d0539e2a02a0e93 Mon Sep 17 00:00:00 2001
From: Who is secure <danielhaal2002@gmail.com>
Date: Wed, 9 Aug 2023 08:46:31 +0200
Subject: [PATCH] Update CVE-2023-24488 - Citrix Gateway Open Redirect and
 XSS.bcheck

This will avoid false positives due to the fact that some 404 status pages returns the introduced parameter encoding the "<" and ">" characters, but not the ".", so "document.cookie" appears but the rest of the payload is as introduced, "%3Cscript%3Ealert(document.cookie)%3C/script%3e".
---
 ...CVE-2023-24488 - Citrix Gateway Open Redirect and XSS.bcheck | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vulnerabilities-CVEd/CVE-2023-24488 - Citrix Gateway Open Redirect and XSS.bcheck b/vulnerabilities-CVEd/CVE-2023-24488 - Citrix Gateway Open Redirect and XSS.bcheck
index dff0773..bb6733f 100644
--- a/vulnerabilities-CVEd/CVE-2023-24488 - Citrix Gateway Open Redirect and XSS.bcheck	
+++ b/vulnerabilities-CVEd/CVE-2023-24488 - Citrix Gateway Open Redirect and XSS.bcheck	
@@ -14,7 +14,7 @@ given host then
         method: "GET"
         path: {potential_path}
 
-    if "document.cookie" in {check.response.body} then
+    if "<script>alert(document.cookie)</script>" in {check.response.body} then
         report issue:
             severity: medium
             confidence: certain