.. / CVE-2020-13258

Exploit for Contentful <=2020-05-21 - Cross-Site Scripting (CVE-2020-13258)

Description:

Contentful through 2020-05-21 for Python contains a reflected cross-site scripting vulnerability via the api parameter to the-example-app.py.

Nuclei Template

View the template here CVE-2020-13258.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-13258.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2020-13258
https://github.com/ARPSyndicate/cvemon
https://github.com/ARPSyndicate/kenzer-templates
https://github.com/contentful/the-example-app.py/issues/44