.. / CVE-2021-43574

Exploit for Atmail 6.5.0 - Cross-Site Scripting (CVE-2021-43574)

Description:

Atmail 6.5.0 contains a cross-site scripting vulnerability in WebAdmin Control Pane via the format parameter to the default URI, which allows remote attackers to inject arbitrary web script or HTML via the “format” parameter.

Nuclei Template

View the template here CVE-2021-43574.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-43574.yaml

References:

https://github.com/ARPSyndicate/cvemon
https://medium.com/%40bhattronit96/cve-2021-43574-696041dcab9e
https://medium.com/@bhattronit96/cve-2021-43574-696041dcab9e
https://help.atmail.com/hc/en-us/sections/115003283988
https://nvd.nist.gov/vuln/detail/CVE-2021-43574

.. / CVE-2021-43574 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Atmail 6.5.0 - Cross-Site Scripting (CVE-2021-43574)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2021-43574