CVE-2021-42558

MEDIUM

MITRE Caldera < 2.8.1 - Cross-Site Scripting


Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-42558. PoCs published by mbadanoiu.

AI-analyzed exploit summary: This repository documents CVE-2021-42558, which involves multiple XSS vulnerabilities (reflected, stored, and self) in MITRE Caldera versions <=2.8.1. The writeup references a PDF for exploitation details and notes some vectors require authentication.

Description

An issue was discovered in CALDERA 2.8.1. It contains multiple reflected, stored, and self XSS vulnerabilities that may be exploited by authenticated and unauthenticated attackers.

Exploits (1)

nomisec WRITEUP
by mbadanoiu · poc
https://github.com/mbadanoiu/CVE-2021-42558


Classification: Writeup 90%
Attack Type: XSS
Complexity: Moderate
Reliability: Reliable
Target: MITRE Caldera <=2.8.1
Auth required
Prerequisites: Valid user credentials for some XSS vectors
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Release Notes x_refsource_misc
https://github.com/mitre/caldera/releases

Scores

CVSS v3 6.1
EPSS 0.0105
EPSS Percentile 59.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
mitre/caldera < 2.8.1
Published Jan 12, 2022
Tracked Since Feb 18, 2026