XSS Vulnerabilities in CALDERA by DrunkenShells
CVE-2021-42558

6.1MEDIUM

Key Information:

Vendor: Mitre
Status: Caldera
Vendor: CVE Published:; 12 January 2022

Badges

👾 Exploit Exists

What is CVE-2021-42558?

CALDERA version 2.8.1 is susceptible to multiple types of Cross-Site Scripting (XSS) vulnerabilities. These vulnerabilities can be exploited by both authenticated users and unauthenticated attackers to execute arbitrary JavaScript in a user's browser. The improper handling of input allows malicious scripts to be reflected, stored, or executed within the application, posing significant security risks. Proper validation and sanitization of user inputs are essential to mitigate these vulnerabilities in your environment.

References

https://github.com/mitre/caldera/releases

x_refsource_MISC

https://github.com/DrunkenShells/Disclosures/tree/master/...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jun 10, 2024
👾
Exploit known to exist
Jun 10, 2024
Vulnerability published
Jan 12, 2022
Vulnerability Reserved
Oct 18, 2021

Mitre

Badges

What is CVE-2021-42558?

References

CVSS V3.1

Timeline