Code Cyber Security

Cloudron 6.2 Cross Site Scripting

Avatar photo

Bybmalandrone

Sep 17, 2021 , , , , ,
Authored by Akiner Kisa

Cloudron version 6.2 suffers from a cross site scripting vulnerability.

advisories | CVE-2021-31721

# Exploit Title: Cloudron 6.2 - Cross Site Scripting (Reflected)
# Google Dork: N/A
# Date: 10.06.2021
# Exploit Author: Akıner Kısa
# Vendor Homepage: https://cloudron.io
# Software Link: https://www.cloudron.io/get.html
# Version: 6.3 >
# Tested on: Demo / Localhost
# CVE : CVE-2021-31721
Proof of Concept:

1. Go to https://my.demo.cloudron.io/login.html?returnTo=

2. Type your payload after returnTo=

3. Fill in the login information and press the sign in button.

Related posts:

Arid Viper Targeting Arabic Android Users with Spyware Disguised as Dating App
ChatGPT vs. Gemini: Which Is Better for 10 Common Infosec Tasks?
3 Golden Rules of Modern Third-Party Risk Management
CriticalStart Releases Enhanced Capabilities for Microsoft 365 Defender
Threads now lets you control who can quote your posts

You missed

Motor Sports

Verstappen wins fourth F1 title in Las Vegas

Nov 23, 2024 espn.com
NBA Sports

NBA follows NFL in warning players on burglaries

Nov 23, 2024 espn.com
NBA Sports

‘Phenomenal’ Pippen Jr. shines in dad’s ex-arena

Nov 23, 2024 espn.com
NBA Sports

Ball’s career-best 50 not enough as Hornets fall

Nov 23, 2024 espn.com