icon

We found results for “

CVE-2022-23081

Date: June 22, 2022

Overview

In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Reflected XSS.

Details

In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Reflected XSS.
An unauthenticated user can craft a link with a malicious JavaScript payload and send it to the admin.
When the admin clicks on the malicious link the XSS will be triggered.

PoC Details

1. Login to the application with an admin user. (usually the URL
will be: http://localhost:8080/)
2. Enter the above payload and watch the messagebox which
includes the admin user sessions cookie.

PoC Code

http://localhost:8080/"><script>alert(document.cookie)</script>

Affected Environments

openlibrary versions deploy-2016-07-0 through deploy-2021-12-22

Prevention

Upgrade to openlibrary version deploy-2022-06-09

Language: Python

Good to know:

icon
icon

Cross-Site Scripting (XSS)

CWE-79
icon

Upgrade Version

Upgrade to version deploy-2022-06-09

Learn More

Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): Low
Integrity (I): Low
Availability (A): None