Code Cyber Security

Cloudron 6.2 Cross Site Scripting

Avatar photo

Bybmalandrone

Sep 17, 2021 , , , , ,
Authored by Akiner Kisa

Cloudron version 6.2 suffers from a cross site scripting vulnerability.

advisories | CVE-2021-31721

# Exploit Title: Cloudron 6.2 - Cross Site Scripting (Reflected)
# Google Dork: N/A
# Date: 10.06.2021
# Exploit Author: Akıner Kısa
# Vendor Homepage: https://cloudron.io
# Software Link: https://www.cloudron.io/get.html
# Version: 6.3 >
# Tested on: Demo / Localhost
# CVE : CVE-2021-31721
Proof of Concept:

1. Go to https://my.demo.cloudron.io/login.html?returnTo=

2. Type your payload after returnTo=

3. Fill in the login information and press the sign in button.

Related posts:

Mandiant Report: Dwell Time Decreases While Ransomware, Extortion Flourish
Amazon Quietly Patches 'High Severity' Vulnerability in Android Photos App
Backdoor.Win32.Hupigon.afjk Authentication Bypass / Code Execution
The Stark Truth Behind the Resurgence of Russia’s Fin7
New Android malware uses OCR to steal credentials from images

You missed

Fox News News

After Trump’s White House visit, Charlamagne asks how Biden went from ‘threat to democracy’ to ‘welcome back!’

Nov 14, 2024 foxnews.com
Fox News News

India’s capital introduces stricter anti-pollution measures as toxic smog hides Taj Mahal

Nov 14, 2024 foxnews.com
Fox News News

New Senate bipartisan border bill introduced in wake of Trump election victory

Nov 14, 2024 foxnews.com
Fox News News

Trump privately backed John Thune in tight leader race, Sen Steve Daines suggested

Nov 14, 2024 foxnews.com