.. / CVE-2020-23517

Exploit for Aryanic HighMail (High CMS) - Cross-Site Scripting (CVE-2020-23517)

Description:

A cross-site scripting vulnerability in Aryanic HighMail (High CMS) versions 2020 and before allows remote attackers to inject arbitrary web script or HTML, via ‘user’ to LoginForm.

Nuclei Template

View the template here CVE-2020-23517.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-23517.yaml

References:

https://vulnerabilitypublishing.blogspot.com/2021/03/aryanic-highmail-high-cms-reflected.html
https://nvd.nist.gov/vuln/detail/CVE-2020-23517
https://github.com/Elsfa7-110/kenzer-templates
https://github.com/ARPSyndicate/kenzer-templates
https://github.com/d4n-sec/d4n-sec.github.io

.. / CVE-2020-23517 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Aryanic HighMail (High CMS) - Cross-Site Scripting (CVE-2020-23517)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2020-23517