| Title | FactoMineR FactoInvestigate 1.9 and earlier XSS |
|---|---|
| Description | The package is vulnerable to XSS. If a user analyzes a malicious dataset containing an XSS payload, the JavaScript code will be executed when the HTML report is generated and opened. Attackers can use that to redirect users to malicious websites acting as analysis reports. |
| Source | ⚠️ https://drive.google.com/drive/folders/1ZFjWlD5axvhWp--I7tuiZ9uOpSBmU_f6?usp=drive_link |
| User | letmewin (UID 61323) |
| Submission | 11/01/2024 04:10 PM (2 years ago) |
| Moderation | 19/01/2024 10:35 AM (8 days later) |
| Status | Accepted |
| VulDB Entry | 251544 [FactoMineR FactoInvestigate up to 1.9 HTML Report Generator HTML injection] |
| Points | 17 |