'getgrav/grav' XSS 취약점 #CVE-2022-0268

취약점.

'getgrav/grav' XSS 취약점 #CVE-2022-0268

낭람._. 2022. 7. 17. 18:49

Target : getgrav/grav

GitHub - getgrav/grav: Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS powered by PHP, Markdown, Twig

Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS powered by PHP, Markdown, Twig, and Symfony - GitHub - getgrav/grav: Modern, Crazy Fast, Ridiculously Easy and Amazingly P...

github.com

Description

a 태그의 href 속성에 javascript: 를 넣을 수 있어 XSS 취약점이 발생한다.

PoC

<a href="javascript:alert(document.domain)">CLICK HERE TO EXPLOIT THIS XSS</a>

Cross-site Scripting (XSS) - Stored vulnerability found in grav

Reported on Jan 2nd 2022

huntr.dev

https://github.com/getgrav/grav/issues/3298

XSS content check for 'invalid_protocols' can trigger false-positives · Issue #3298 · getgrav/grav

If in your content you have a legitimate text that includes a protocol, it gets flagged as false-positive. Example: Pre-publication image data: management and processing This triggers invalid_proto...

github.com

https://github.com/getgrav/grav/issues/3175

Ignore dangerous HTML tags in code blocks · Issue #3175 · getgrav/grav

Hello, Noticed I had this warning in Tools > Reports: Security Scan complete: 1 potential XSS issues found... This is a false-positive triggered by <meta> tags being included in code block...

github.com