Submit #266282: factominer FactoInvestigate 1.9 and earlier XSS

Title: factominer FactoInvestigate 1.9 and earlier XSS
Description: The package is vulnerable to XSS: if a user analyzes a malicious dataset containing an XSS payload, the JavaScript code will be executed when the HTML report is generated and opened. Attackers can use that to redirect users to malicious websites acting as analysis reports.
Source: ⚠️ https://drive.google.com/drive/folders/1ZFjWlD5axvhWp--I7tuiZ9uOpSBmU_f6?usp=drive_link
User: letmewin (UID 61323)
Submission: 11/01/2024 16:10 (2 years ago)
Moderation: 19/01/2024 10:35 (8 days later)
Status: Accepted
VulDB entry: 251544 [FactoMineR FactoInvestigate up to 1.9 HTML Report Generator HTML injection]
Points: 17
