nuclei-templates/cves/2021/CVE-2021-29484.yaml

id: CVE-2021-29484

info:
  name: DOM XSS in Ghost CMS
  author: rootxharsh,iamnoooob
  severity: medium
  description: Ghost is a Node.js CMS. An unused endpoint added during the development of 4.0.0 has left sites vulnerable to untrusted users gaining access to Ghost Admin. Attackers can gain access by getting logged in users to click a link containing malicious code. Users do not need to enter credentials and may not know they've visited a malicious site.
  reference:
    - https://github.com/TryGhost/Ghost/security/advisories/GHSA-9fgx-q25h-jxrg
    - https://nvd.nist.gov/vuln/detail/CVE-2021-29484
    - https://www.npmjs.com/package/ghost
    - https://forum.ghost.org/t/critical-security-update-available-for-ghost-4-x/22290
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2021-29484
    cwe-id: CWE-79
  tags: cve,cve2021,xss,ghost

requests:
  - method: GET
    path:
      - "{{BaseURL}}/ghost/preview"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'XMLHttpRequest.prototype.open'
        part: body

      - type: word
        words:
          - 'text/html'
        part: header

      - type: status
        status:
          - 200
Add CVE-2021-29484.yaml 2021-08-01 18:24:52 +00:00			`id: CVE-2021-29484`

			`info:`
			`name: DOM XSS in Ghost CMS`
Adding metadata 2021-08-02 17:46:05 +00:00			`author: rootxharsh,iamnoooob`
Add CVE-2021-29484.yaml 2021-08-01 18:24:52 +00:00			`severity: medium`
additional reference to cves templates (#4395) * additional reference to cves templates * Update CVE-2006-1681.yaml * Update CVE-2009-3318.yaml * Update CVE-2009-4223.yaml * Update CVE-2010-0942.yaml * Update CVE-2010-0944.yaml * Update CVE-2010-0972.yaml * Update CVE-2010-1304.yaml * Update CVE-2010-1308.yaml * Update CVE-2010-1313.yaml * Update CVE-2010-1461.yaml * Update CVE-2010-1470.yaml * Update CVE-2010-1471.yaml * Update CVE-2010-1472.yaml * Update CVE-2010-1474.yaml * removed duplicate references * misc fix Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: Prince Chaddha <cyberbossprince@gmail.com> 2022-05-17 09:18:12 +00:00			`description: Ghost is a Node.js CMS. An unused endpoint added during the development of 4.0.0 has left sites vulnerable to untrusted users gaining access to Ghost Admin. Attackers can gain access by getting logged in users to click a link containing malicious code. Users do not need to enter credentials and may not know they've visited a malicious site.`
Removed pipe (\|) character from references, because the structure requires it to be a string slice, not a string Related nuclei tickets: * #259 - dynamic key-value field support for template information * #940 - new infos in template * #834 * RES-84 2021-08-19 13:59:12 +00:00			`reference:`
Satisfying the linter (all errors and warnings) * whitespace modifications only 2021-08-19 14:44:46 +00:00			`- https://github.com/TryGhost/Ghost/security/advisories/GHSA-9fgx-q25h-jxrg`
			`- https://nvd.nist.gov/vuln/detail/CVE-2021-29484`
additional reference to cves templates (#4395) * additional reference to cves templates * Update CVE-2006-1681.yaml * Update CVE-2009-3318.yaml * Update CVE-2009-4223.yaml * Update CVE-2010-0942.yaml * Update CVE-2010-0944.yaml * Update CVE-2010-0972.yaml * Update CVE-2010-1304.yaml * Update CVE-2010-1308.yaml * Update CVE-2010-1313.yaml * Update CVE-2010-1461.yaml * Update CVE-2010-1470.yaml * Update CVE-2010-1471.yaml * Update CVE-2010-1472.yaml * Update CVE-2010-1474.yaml * removed duplicate references * misc fix Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: Prince Chaddha <cyberbossprince@gmail.com> 2022-05-17 09:18:12 +00:00			`- https://www.npmjs.com/package/ghost`
			`- https://forum.ghost.org/t/critical-security-update-available-for-ghost-4-x/22290`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`classification:`
			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`cvss-score: 6.1`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`cve-id: CVE-2021-29484`
			`cwe-id: CWE-79`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`tags: cve,cve2021,xss,ghost`
Add CVE-2021-29484.yaml 2021-08-01 18:24:52 +00:00
			`requests:`
Update cves/2021/CVE-2021-29484.yaml Co-authored-by: Toufik Airane <toufik.airane@appsectribe.com> 2021-08-02 17:35:35 +00:00			`- method: GET`
			`path:`
			`- "{{BaseURL}}/ghost/preview"`
Add CVE-2021-29484.yaml 2021-08-01 18:24:52 +00:00
			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`words:`
			`- 'XMLHttpRequest.prototype.open'`
			`part: body`

			`- type: word`
			`words:`
			`- 'text/html'`
			`part: header`

			`- type: status`
			`status:`
			`- 200`