CVE-2021-43062 PoC — FortiMail 跨站脚本漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-43062.yaml

Associated Vulnerability

Title:FortiMail 跨站脚本漏洞 (CVE-2021-43062)
Description:Fortinet FortiMail是美国飞塔（Fortinet）公司的一套电子邮件安全网关产品。该产品提供电子邮件安全防护和数据保护等功能。 Fortinet FortiMail 版本 7.0.1 和 7.0.0、版本 6.4.5 及更低版本、版本 6.3.7 及更低版本、版本 6.0.11 及更低版本存在跨站脚本漏洞，该漏洞源于网页生成期间输入的不正确中和（跨站点脚本）允许攻击者通过对 FortiGuard URI 保护服务的特制 HTTP GET 请求执行未经授权的代码或命令。。

Description

A cross-site scripting vulnerability in FortiMail may allow an unauthenticated attacker to perform an attack via specially crafted HTTP GET requests to the FortiGuard URI protection service.

File Snapshot


 id: CVE-2021-43062

info:
  name: Fortinet FortiMail 7.0.1 - Cross-Site Scripting
  author: ajaysenr

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!