Miggo Logo

CVE-2017-20159: keynote Cross-site Scripting vulnerability

6.1

CVSS Score
3.1

Basic Information

EPSS Score
0.38834%
Published
12/31/2022
Updated
10/20/2023
KEV Status
No
Technology
TechnologyRuby

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
keynoterubygems< 1.0.01.0.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The commit 05be4356b0a6ca7de48da926a9b997beb5ffeb4a modifies the attrs_to_s method in rumble.rb to add quote escaping via gsub('"', '"'). The original code passed HTML-safe strings through without escaping quotes, creating XSS vectors when attributes contained unescaped quotes. The vulnerability is directly tied to this attribute serialization logic that processes user-controllable 'value' parameters.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* vuln*r**ility w*s *oun* in r* K*ynot* up to *.x. It **s ***n r*t** *s pro*l*m*ti*. *****t** *y t*is issu* is som* unknown *un*tion*lity o* t** *il* li*/k*ynot*/rum*l*.r*. T** m*nipul*tion o* t** *r*um*nt v*lu* l***s to *ross sit* s*riptin*. T** *tt

Reasoning

T** *ommit **************************************** mo*i*i*s t** *ttrs_to_s m*t*o* in rum*l*.r* to *** quot* *s**pin* vi* *su*('"', '&quot;'). T** ori*in*l *o** p*ss** *TML-s*** strin*s t*rou** wit*out *s**pin* quot*s, *r**tin* XSS v**tors w**n *ttri