Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-14408 PoC — Agentejo Cockpit 跨站脚本漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-14408.yaml
Associated Vulnerability
Title:Agentejo Cockpit 跨站脚本漏洞 (CVE-2020-14408)
Description:Agentejo Cockpit是德国Agentejo公司的一款用于管理网站结构化内容的管理系统。 Agentejo Cockpit 0.10.2版本中存在安全漏洞,该漏洞源于程序未正确处理发送到/auth/login的‘to’参数。攻击者可利用该漏洞在网页中注入任意JavaScript代码。
Description
Agentejo Cockpit 0.10.2 contains a reflected cross-site scripting vulnerability due to insufficient sanitization of the to parameter in the /auth/login route, which allows for injection of arbitrary JavaScript code into a web page's content.
File Snapshot

 id: CVE-2020-14408

info:
  name: Agentejo Cockpit 0.10.2 - Cross-Site Scripting
  author: edoardott

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.