CVE-2020-24903 PoC — CuteSoft Cute Editor 跨站脚本漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-24903.yaml

Associated Vulnerability

Title:CuteSoft Cute Editor 跨站脚本漏洞 (CVE-2020-24903)
Description:CuteSoft Cute Editor是美国CuteSoft公司的一款可用于编辑PHP和ASP的HTML编辑器。 Cute Editor for ASP.NET 6.4 存在跨站脚本漏洞，该漏洞允许远程攻击者使用特制URL在受害者的Web浏览器中执行脚本。

Description

Cute Editor for ASP.NET 6.4 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

File Snapshot


 id: CVE-2020-24903

info:
  name: Cute Editor for ASP.NET 6.4 - Cross-Site Scripting
  author: edoar

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!