Exploit for Cloudron 6.2 Cross Site Scripting CVE-2021-31721

Name: Exploit for Cloudron 6.2 Cross Site Scripting CVE-2021-31721
Rating: 5 (144 reviews)

2021-09-17 | CVSS 4.3

## https://sploitus.com/exploit?id=PACKETSTORM:164183
# Exploit Title: Cloudron 6.2 - Cross Site Scripting (Reflected)  
# Google Dork: N/A  
# Date: 10.06.2021  
# Exploit Author: Akıner Kısa  
# Vendor Homepage: https://cloudron.io  
# Software Link: https://www.cloudron.io/get.html  
# Version: 6.3 >  
# Tested on: Demo / Localhost  
# CVE : CVE-2021-31721  
  
Proof of Concept:  
  
1. Go to https://my.demo.cloudron.io/login.html?returnTo=  
  
  
2. Type your payload after returnTo=  
  
3. Fill in the login information and press the sign in button.