.. / CVE-2022-48197

Exploit for Yahoo User Interface library (YUI2) TreeView v2.8.2 - Cross-Site Scripting (CVE-2022-48197)

Description:

Reflected cross-site scripting (XSS) exists in the TreeView of YUI2 through 2800: up.php sam.php renderhidden.php removechildren.php removeall.php readd.php overflow.php newnode2.php newnode.php.

Nuclei Template

View the template here CVE-2022-48197.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-48197.yaml
Copy

References:

https://www.exploit-db.com/exploits/51198
http://packetstormsecurity.com/files/171633/Yahoo-User-Interface-TreeView-2.8.2-Cross-Site-Scripting.html
https://github.com/ryan412/CVE-2022-48197/blob/main/README.md
https://packetstormsecurity.com/files/171633/Yahoo-User-Interface-TreeView-2.8.2-Cross-Site-Scripting.html
https://nvd.nist.gov/vuln/detail/CVE-2022-48197