Cloudron version 6.2 suffers from a cross-site scripting vulnerability.
advisories | CVE-2021-31721
# Exploit Title: Cloudron 6.2 - Cross Site Scripting (Reflected)
# Google Dork: N/A
# Date: 10.06.2021
# Exploit Author: Akıner Kısa
# Vendor Homepage: https://cloudron.io
# Software Link: https://www.cloudron.io/get.html
# Version: 6.3 >
# Tested on: Demo / Localhost
# CVE : CVE-2021-31721
Proof of Concept:
1. Go to https://my.demo.cloudron.io/login.html?returnTo=
2. Type your payload after returnTo=
3. Fill in the login information and press the sign in button.
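An added defensive example (not code from the advisory or from Cloudron): one way a login page can handle an untrusted returnTo value, assuming the value is used as the post-login navigation target, which the advisory does not spell out. The function names, the `my.example.test` origin and the sample values are hypothetical and constructed for illustration.

```javascript
'use strict';

// Hypothetical helper: reduce an untrusted returnTo value to a same-origin
// path, or fall back to a fixed default when it is anything else.
function safeReturnTo(raw, origin, fallback = '/') {
  if (typeof raw !== 'string' || raw.length === 0) return fallback;
  // Control characters and backslashes are normalised by browsers in ways
  // that can turn an apparent path into another scheme or host.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return fallback;
  // Accept only "/path": never "//host" (scheme-relative) or "scheme:...".
  if (!raw.startsWith('/') || raw.startsWith('//')) return fallback;
  let url;
  try {
    url = new URL(raw, origin);
  } catch (err) {
    return fallback;
  }
  // Defence in depth: the resolved URL must stay on the application origin.
  if (url.origin !== new URL(origin).origin) return fallback;
  return url.pathname + url.search + url.hash;
}

// Read returnTo from a full login-page URL and validate it.
function returnToFromLocation(href, origin) {
  const value = new URL(href).searchParams.get('returnTo');
  return safeReturnTo(value, origin);
}

// Constructed sample values (not taken from the advisory).
const SAMPLES = [
  '/apps?tab=1',
  'javascript:void(0)',
  '//other.example/x',
  'https://other.example/',
  '/\\other.example',
];

// Returns the validated target for each constructed sample.
function demo() {
  return SAMPLES.map((v) => safeReturnTo(v, 'https://my.example.test'));
}
```

Only the first sample survives validation; every other value resolves to the fallback path. If the value is also echoed into the page, it should be written as text (for example via `textContent`), never as markup.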