15 matches found
Cloudron 6.2 Cross-Site Scripting
In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to cross-site scripting. id: CVE-2021-40868 info: name: Cloudron 6.2 Cross-Site Scripting author: daffainfo severity: medium description: In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to cross-site...
cloudron (>=0.1.2 <=0.9.4), cloudron-manifestformat (>=1.3.0 <=5.10.1) +8 more potentially affected by CVE-2020-7737 via safetydance (>=0.0.15 <=1.0.0)
safetydance NPM version =0.0.15, =0.1.2, =1.3.0, =1.0.0, =1.0.0, =0.8.7, =1.3.0, =0.0.2, =0.2.1 Source cves: CVE-2020-7737 Source advisory: OSV:GHSA-6M85-WVCR-PGW3...
Cloudron 6.2 Cross Site Scripting
Exploit Title: Cloudron 6.2 - 'returnTo ' Cross Site Scripting Reflected Date: 10.06.2021 Exploit Author: Akıner Kısa Vendor Homepage: https://cloudron.io Software Link: https://www.cloudron.io/get.html Version: 6.3 CVE : CVE-2021-40868 Proof of Concept: 1. Go to...
Cloudron 6.2 - 'returnTo ' Cross Site Scripting (Reflected)
Exploit Title: Cloudron 6.2 - 'returnTo ' Cross Site Scripting Reflected Date: 10.06.2021 Exploit Author: Akıner Kısa Vendor Homepage: https://cloudron.io Software Link: https://www.cloudron.io/get.html Version: 6.3 CVE : CVE-2021-40868 Proof of Concept: 1. Go to...
CVE-2021-40868
In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS...
CVE-2021-40868
In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS...
Cross site scripting
In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS...
CVE-2021-40868
CVE-2021-40868 affects Cloudron 6.2, where the login page’s returnTo parameter is vulnerable to reflected Cross-Site Scripting (XSS). The issue arises in the handling of the returnTo input on the login page, enabling execution of arbitrary JavaScript in the victim’s browser. Public sources descri...
CVE-2021-40868
In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS...
Cloudron Cross-Site Scripting Vulnerability
Cloudron is a platform from Cloudron, Inc. for installing, managing, and securing web applications on servers. A security vulnerability exists in Cloudron 6.2 that stems from insufficient validation of the returnTo parameter input on the login page...
Cloudron 6.2 Cross Site Scripting Vulnerability
Exploit Title: Cloudron 6.2 - Cross Site Scripting Reflected Exploit Author: Akıner Kısa Vendor Homepage: https://cloudron.io Software Link: https://www.cloudron.io/get.html Version: 6.3 Tested on: Demo / Localhost CVE : CVE-2021-31721 Proof of Concept: 1. Go to...
Cloudron 6.2 Cross Site Scripting
Exploit Title: Cloudron 6.2 - Cross Site Scripting Reflected Google Dork: N/A Date: 10.06.2021 Exploit Author: Akıner Kısa Vendor Homepage: https://cloudron.io Software Link: https://www.cloudron.io/get.html Version: 6.3 Tested on: Demo / Localhost CVE : CVE-2021-31721 Proof of Concept: 1. Go to...
LDAP Injection
cloudron-surfer is vulnerable to LDAP injection. Lack of validation in the username parameter allows an attacker to inject and execute arbitrary LDAP statements, resulting in authentication bypass, information disclosure or potentially denial of service...
@cloudron/manifest-format (>=5.27.0 <=5.35.0), @cloudron/pipework (>=1.1.0 <=2.0.0) +13 more potentially affected by CVE-2020-7737 via safetydance (>=0.0.15 <=2.5.1)
safetydance NPM version =0.0.15, =5.27.0, =1.1.0, =1.0.0, =0.1.2, =1.3.0, =1.0.0, =1.0.0, =1.0.0, =0.8.7, =1.3.0, =0.0.3, =0.0.2, =0.2.1 Source cves: CVE-2020-7737 Source advisory: SNYK:JS-SAFETYDANCE-598687...
Node.js third-party modules: [cloudron-surfer] Denial of Service via LDAP Injection
I would like to report Denial of service via LDAP Injection vulnerability in cloudron-surfer module. It allows a malicious attacker to send a malformed input that is interpreted as an LDAP filter, leading to Denial of Service. Module module name: cloudron-surfer version: 5.9.0 npm page:...