{"uuid": "b0eafe6e-bf4e-481c-a394-a2ddc6311031", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-31474", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/3490", "content": "#exploit\n1. CVE-2021-20717:\nEC-CUBE-XSS (PoC)\nhttps://github.com/s-index/CVE-2021-20717\n// Vulnerability in EC-CUBE 4.0.0 - 4.0.5 allows a remote attacker to inject a specially crafted script in the specific input field of the EC web site which is created using EC-CUBE. As a result, it may lead to an arbitrary script execution on the administrator's web browser\n\n2. CVE-2021-31474:\nSolarWinds Network Performance Monitor RCE (PoC)\nhttps://gist.github.com/testanull/dcb536b409a28d74430a441d53b14456?fbclid=IwAR0aAnZndfZR2isO4I0UNt9FzMAIB7EJy7e4X7dtTdKouhnFu7qZ7NQ8W8M\n// PoC:\nPOST /api/Action/TestAction HTTP/1.1\n...\n 2x Base64", "creation_timestamp": "2021-05-30T13:43:01.000000Z"}