Code Cyber Security

Cloudron 6.2 Cross Site Scripting

Avatar photo

Bybmalandrone

Sep 17, 2021 , , , , ,
Authored by Akiner Kisa

Cloudron version 6.2 suffers from a cross site scripting vulnerability.

advisories | CVE-2021-31721

# Exploit Title: Cloudron 6.2 - Cross Site Scripting (Reflected)
# Google Dork: N/A
# Date: 10.06.2021
# Exploit Author: Akıner Kısa
# Vendor Homepage: https://cloudron.io
# Software Link: https://www.cloudron.io/get.html
# Version: 6.3 >
# Tested on: Demo / Localhost
# CVE : CVE-2021-31721
Proof of Concept:

1. Go to https://my.demo.cloudron.io/login.html?returnTo=

2. Type your payload after returnTo=

3. Fill in the login information and press the sign in button.

Related posts:

Veterans Explain How Military Service Prepared Them for Cybersecurity Careers
Researchers Say China State-backed Hackers Breached a Digital Certificate Authority
Two U.S. Men Charged in 2022 Hacking of DEA Portal
Emotet Botnet's Latest Resurgence Spreads to Over 100,000 Computers
City of Dallas Still Clawing Back Weeks After Cyber Incident

You missed

Technology

Teenage Engineering is back with another droolworthy (and expensive) groovebox

Nov 14, 2024 engadget.com
Technology

Google is being targeted for oversight by the Consumer Financial Protection Bureau

Nov 14, 2024 engadget.com
Technology

This Apple Black Friday deal drops the Apple Watch Series 10 to a new low price on Amazon

Nov 14, 2024 engadget.com
Lifestyle Transportation

Pick of the Day: 2000 BMW Z3

Nov 14, 2024 classiccars.com