.. / CVE-2020-6171

Exploit for CLink Office 2.0 - Cross-Site Scripting (CVE-2020-6171)

Description:

CLink Office 2.0 is vulnerable to cross-site scripting in the index page of the management console and allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

Nuclei Template

View the template here CVE-2020-6171.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-6171.yaml

References:

https://github.com/ARPSyndicate/cvemon
https://nvd.nist.gov/vuln/detail/CVE-2020-6171
https://www.deepcode.ca/index.php/2020/04/07/cve-2020-xss-in-clink-office-v2/
https://github.com/ARPSyndicate/kenzer-templates

.. / CVE-2020-6171 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for CLink Office 2.0 - Cross-Site Scripting (CVE-2020-6171)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2020-6171