| Titel | https://github.com/otale/tale Tale Blog v2.0.5 Cross Site Scripting |
|---|
| Beschreibung | In the OptionsService class, the application does not properly validate or filter the `themeUrl` input. This oversight allows an attacker to inject malicious JavaScript code through URL manipulation. By crafting a malicious URL that includes executable HTML or JavaScript content, an attacker can exploit this vulnerability to perform a Cross-Site Scripting (XSS) attack. |
|---|
| Quelle | ⚠️ https://github.com/dragonkeep/cve/blob/main/Tale_Blog_xss.md |
|---|
| Benutzer | Dragonkeep (UID 62708) |
|---|
| Einreichung | 21.02.2025 09:20 (vor 1 Jahr) |
|---|
| Moderieren | 22.02.2025 14:16 (1 day later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 296561 [otale bis 2.0.5 header.html OptionsService logo_url Cross Site Scripting] |
|---|
| Punkte | 18 |
|---|