Cloudron version 6.2 suffers from a cross-site scripting vulnerability.
advisories | CVE-2021-31721
# Exploit Title: Cloudron 6.2 - Cross Site Scripting (Reflected)
# Google Dork: N/A
# Date: 10.06.2021
# Exploit Author: Akıner Kısa
# Vendor Homepage: https://cloudron.io
# Software Link: https://www.cloudron.io/get.html
# Version: 6.3 >
# Tested on: Demo / Localhost
# CVE : CVE-2021-31721
Proof of Concept:
1. Go to https://my.demo.cloudron.io/login.html?returnTo=
2. Type your payload after returnTo=
3. Fill in the login information and press the sign in button.
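A defensive counterpart to the steps above, as an added example that is not part of the original advisory and is not Cloudron's code: validating a returnTo value before it is used as a navigation target. The advisory does not say how the login page consumes returnTo; this assumes it is navigated to after sign-in, and the function names and the my.example.test origin are hypothetical.

```javascript
// Added example (not Cloudron code). Assumption: the login page navigates to
// the returnTo query value after a successful sign-in.
const FALLBACK = "/";

// Return a same-origin path that is safe to navigate to, or FALLBACK.
function safeReturnTo(raw, origin) {
  if (typeof raw !== "string" || raw.length === 0) return FALLBACK;
  // Browsers drop tabs/newlines inside URLs and treat "\" like "/", so
  // reject control characters and backslashes before any parsing.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return FALLBACK;
  // Accept only absolute paths: rejects "javascript:", "data:", "https://..."
  // and scheme-relative "//host" values.
  if (!raw.startsWith("/") || raw.startsWith("//")) return FALLBACK;
  let url;
  try {
    url = new URL(raw, origin);
  } catch {
    return FALLBACK;
  }
  // Defence in depth: the resolved URL must stay on our own origin.
  if (url.origin !== new URL(origin).origin) return FALLBACK;
  return url.pathname + url.search + url.hash;
}

// Extract and validate returnTo from a query string such as location.search.
function returnToFromQuery(search, origin) {
  return safeReturnTo(new URLSearchParams(search).get("returnTo"), origin);
}

// Browser-only helper: call once sign-in has succeeded.
function redirectAfterLogin() {
  const loc = window.location;
  loc.assign(returnToFromQuery(loc.search, loc.origin));
}
```

Anything that is not a plain same-origin path falls back to "/", so a script-scheme or off-site value in returnTo never reaches the navigation call.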