CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-05-28 15:31:27 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
8e2ebbf9bd04edab52d0cbcbc6c2f6e2cfdaa67d
CVEs-PoC/2022/CVE-2022-21649.md
T
0xMarcio 48a00929ac Removed duplicates
2024-06-18 02:51:15 +02:00

1.0 KiB
Raw Blame History

CVE-2022-21649

Description

Convos is an open source multi-user chat that runs in a web browser. Characters starting with "https://" in the chat window create an tag. Stored XSS vulnerability using onfocus and autofocus occurs because escaping exists for "<" or ">" but escaping for double quotes does not exist. Through this vulnerability, an attacker is capable to execute malicious scripts. Users are advised to update as soon as possible.

POC

Reference

  • https://www.huntr.dev/bounties/4532a0ac-4e7c-4fcf-9fe3-630e132325c0/

Github

  • https://github.com/ARPSyndicate/cvemon
  • https://github.com/OpenGitLab/Bug-Storage
Reference in New Issue View Git Blame Copy Permalink