CVE-2023-2822 PoC — Ellucian Ethos Identity logout cross site scripting

Source

https://github.com/cberman/CVE-2023-2822-demo

Associated Vulnerability

Title:Ellucian Ethos Identity logout cross site scripting (CVE-2023-2822)
Description:A vulnerability was found in Ellucian Ethos Identity up to 5.10.5. It has been classified as problematic. Affected is an unknown function of the file /cas/logout. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.10.6 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-229596.

Description

Simple flask application to implement an intentionally vulnerable web app to demo CVE-2023-2822.

Readme

# CVE-2023-2822-demo
Simple flask application to implement an intentionally vulnerable web app to demo CVE-2023-2822.

Based on the writeup at https://medium.com/@cyberninja717/reflected-cross-site-scripting-vulnerability-in-ellucian-ethos-identity-cas-logout-page-685bb1675dfb.

```
docker build -t xss-demo .
docker run -p <host_port>:5000 xss-demo
```

🤖 AIL LEVEL: This flask app's AI Influence Level is AIL4. 
- [The AIL Rating System](https://danielmiessler.com/blog/ai-influence-level-ail/)
- See [how this code was written](https://chat.openai.com/share/d5a85160-24d4-4451-b8c1-148fdca14a18)

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!