Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-33829 PoC — CKEditor 跨站脚本漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-33829.yaml
Associated Vulnerability
Title:CKEditor 跨站脚本漏洞 (CVE-2021-33829)
Description:CKEditor是一套开源的、基于网页的文字编辑器。 CKEditor 存在跨站脚本漏洞,该漏洞源于HTML数据处理器中对输入数据处理不当。远程攻击者可通过一个精心制作的注释注入可执行的JavaScript代码。以下产品及型号会受到影响:4 4.14.0至4.16版本。
Description
CKEditor 4.14.0 through 4.16.x before 4.16.1 contains a reflected cross-site scripting caused by mishandling in comments, letting remote attackers inject executable JavaScript code, exploit requires victim to view malicious content.
File Snapshot

 id: CVE-2021-33829

info:
  name: Drupal 7 CKEditor XSS
  author: 0x_Akoko
  severity: medium
  desc

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.