CVEs-PoC/2021/CVE-2021-36760.md at main

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-02-12 18:42:46 +00:00

Files

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

963 B

Raw Permalink Blame History

CVE-2021-36760

Description

In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server 5.7.0, it is possible to perform a DOM-Based XSS attack affecting the callback parameter modifying the URL that precedes the callback parameter. Once the username or password reset procedure is completed, the JavaScript code will be executed. (recoverpassword.do also has an open redirect issue for a similar reason.)

POC

Reference

https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2021-1314

Github

https://github.com/20142995/nuclei-templates
https://github.com/cyb3r-w0lf/nuclei-template-collection

963 B Raw Permalink Blame History

CVE-2021-36760

Description

POC

Reference

Github

963 B

Raw Permalink Blame History