.. / CVE-2022-0087

Exploit for Keystone 6 Login Page - Open Redirect and Cross-Site Scripting (CVE-2022-0087)

Description:

On the login page, there is a “from=” parameter in URL which is vulnerable to open redirect and can be escalated to reflected XSS.

Nuclei Template

View the template here CVE-2022-0087.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-0087.yaml
Copy

References:

https://github.com/keystonejs/keystone/commit/96bf833a23b1a0a5d365cf394467a943cc481b38
https://nvd.nist.gov/vuln/detail/CVE-2022-0087
https://huntr.com/bounties/c9d7374f-2cb9-4bac-9c90-a965942f413e