إرسال #699689: Eigenfocus Eigenfocus Free Edition 1.4.0 Cross Site Scriptingالمعلومات

عنوانEigenfocus Eigenfocus Free Edition 1.4.0 Cross Site Scripting
الوصفEigenfocus Free Edition ≤ 1.4.0 contains a stored Cross-Site Scripting (XSS) vulnerability in Issue Title and Time Entry Description fields. User-supplied input is not properly sanitized, allowing attackers to store malicious payloads that execute in the browser of any user who views the affected entries. This can lead to arbitrary JavaScript execution, session hijacking, account compromise, and other unauthorized actions. The issue is resolved in version 1.4.1. Release 1.4.1 link: https://github.com/Eigenfocus/eigenfocus/releases/tag/v1.4.1-free Fix commit link: https://github.com/Eigenfocus/eigenfocus/commit/7dec94c9d1f3e513e0ee38ba68caaba628e08582 Discovered by Alex Perrakis - [email protected]
المصدر⚠️ https://github.com/Stolichnayer/eigenfocus-stored-xss
المستخدم
 alexperrakis (UID 85369)
ارسال21/11/2025 08:13 PM (5 أشهر منذ)
الاعتدال23/11/2025 10:53 AM (2 days later)
الحالةتمت الموافقة
إدخال VulDB333348 [Eigenfocus حتى 1.4.0 Description entry.description/time_entry.description البرمجة عبر المواقع]
النقاط20

التالي نظرة عامة السابق

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!