CVE-2021-27909 PoC — Mautic 跨站脚本漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-27909.yaml

Associated Vulnerability

Title:Mautic 跨站脚本漏洞 (CVE-2021-27909)
Description:Mautic是一款开源的营销自动化软件。该软件能够监控管理网站、发送电子邮件并管理客户资源。 Mautic 存在跨站脚本漏洞，该漏洞源于 Mautic 的密码重置页面上存在 XSS 漏洞，其中 URL 中的易受攻击的参数 bundle 可能允许攻击者执行 Javascript 代码。攻击者需要说服或诱骗目标点击使用易受攻击参数的密码重置 URL。

Description

Mautic before 3.3.4 contains a cross-site scripting vulnerability on the password reset page in the bundle parameter of the URL. An attacker can inject arbitrary script, steal cookie-based authentication credentials, and/or launch other attacks.

File Snapshot


 id: CVE-2021-27909

info:
  name: Mautic <3.3.4 - Cross-Site Scripting
  author: kiransau
  severity

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!