CVE-2021-42558 PoC — Caldera 跨站脚本漏洞

Source

https://github.com/mbadanoiu/CVE-2021-42558

Associated Vulnerability

Title:Caldera 跨站脚本漏洞 (CVE-2021-42558)
Description:Caldera是法国Caldera公司的一套能够为打印机设备提供色彩管理、成像和处理解决方案的软件。 Caldera 2.8.1版本存在跨站脚本漏洞，该漏洞源于软件对于用户提交的参数数据缺少有效的过滤和转义。

Description

CVE-2021-42558: Multiple Cross-Site Scripting in MITRE Caldera

Readme

# CVE-2021-42558: Multiple Cross-Site Scripting in MITRE Caldera

Caldera (versions <=2.8.1) contains multiple reflected, stored and self XSS vulnerabilities that may be exploited by authenticated and unauthenticated attackers.

### Vendor Disclosure:

The vendor's disclosure for this vulnerability can be found [here](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42558).

### Requirements:

This vulnerability requires:
<br/>
- Some XSSs require valid user credentials

### Proof Of Concept:

More details and the exploitation process can be found in this [PDF](https://github.com/mbadanoiu/CVE-2021-42558/blob/main/Caldera%20-%20CVE-2021-42558.pdf).

### Additional Information:

The XSS vector "1.1. Unauthenticated Stored XSS in Agent" was also found in paralel and fixed by [Daniel "uruwhy" Matthews](https://github.com/uruwhy) in this [Caldera commit](https://github.com/mitre/caldera/commit/7d3dedb8a03cb2fcddbcb292b7ca8b8c31af62e5).

File Snapshot


 [4.0K]  /data/pocs/c9cca8b724a2273698021a9f44bdd4467196ad56
├── [ 25M]  Caldera - CVE-2021-42558.pdf
└── [ 953]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!