Exploit for Open edX <2022-06-06 - Cross-Site Scripting (CVE-2022-32195)

Description:

Open edX before 2022-06-06 contains a reflected cross-site scripting vulnerability via the ‘next’ parameter in the logout URL.

Nuclei Template

View the template here: CVE-2022-32195.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-32195.yaml

References:

https://github.com/ARPSyndicate/cvemon
https://discuss.openedx.org/t/security-patch-for-logout-page-xss-vulnerability/7408
https://nvd.nist.gov/vuln/detail/CVE-2022-32195
https://github.com/edx
https://github.com/ARPSyndicate/kenzer-templates