Exploit for Trilium <0.52.4 - Cross-Site Scripting (CVE-2022-2290)

Description:

Trilium versions prior to 0.52.4 and 0.53.1-beta contain a cross-site scripting vulnerability that can allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.

Nuclei Template

View the template here: CVE-2022-2290.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-2290.yaml

References:

https://github.com/ARPSyndicate/cvemon
https://github.com/zadam/trilium/commit/3faae63b849a1fabc31b823bb7af3a84d32256a7
https://nvd.nist.gov/vuln/detail/CVE-2022-2290
https://github.com/zadam/trilium
https://huntr.dev/bounties/367c5c8d-ad6f-46be-8503-06648ecf09cf/