Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mbadanoiu/cve-2021-42558

CVE-2021-42558: Multiple Cross-Site Scripting in MITRE Caldera
https://github.com/mbadanoiu/cve-2021-42558

0-day cross-site-scripting cve cve-2021-42558 cves

Last synced: 2 days ago
JSON representation

CVE-2021-42558: Multiple Cross-Site Scripting in MITRE Caldera

Host: GitHub
URL: https://github.com/mbadanoiu/cve-2021-42558
Owner: mbadanoiu
Created: 2024-06-09T20:20:46.000Z (5 months ago)
Default Branch: main
Last Pushed: 2024-06-09T20:32:08.000Z (5 months ago)
Last Synced: 2024-06-09T22:45:16.515Z (5 months ago)
Topics: 0-day, cross-site-scripting, cve, cve-2021-42558, cves
Homepage:
Size: 23.3 MB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# CVE-2021-42558: Multiple Cross-Site Scripting in MITRE Caldera

Caldera (versions <=2.8.1) contains multiple reflected, stored and self XSS vulnerabilities that may be exploited by authenticated and unauthenticated attackers.

### Vendor Disclosure:

The vendor's disclosure for this vulnerability can be found [here](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42558).

### Requirements:

This vulnerability requires:

- Some XSSs require valid user credentials

### Proof Of Concept:

More details and the exploitation process can be found in this [PDF](https://github.com/mbadanoiu/CVE-2021-42558/blob/main/Caldera%20-%20CVE-2021-42558.pdf).

### Additional Information:

The XSS vector "1.1. Unauthenticated Stored XSS in Agent" was also found in paralel and fixed by [Daniel "uruwhy" Matthews](https://github.com/uruwhy) in this [Caldera commit](https://github.com/mitre/caldera/commit/7d3dedb8a03cb2fcddbcb292b7ca8b8c31af62e5).