Submission #162541: HTML Injection

Info

Title: HTML Injection
Description: We (DeepCove Cybersecurity) found that the chat function within Pydio version 4.2.0 is not supposed to accept HTML tags, and only markdown by design. However, with a carefully crafted HTTPS request, as a proof of concept, we were able to inject HTML code that renders an image within the chat function, which leads to a "malicious" domain when clicked by the user. This affected all users within the same Pydio cells. The vendor had been notified, the finding had been acknowledged, and an advisory to update to Pydio cells version 4.2.1 has been released. https://pydio.com/en/community/releases/pydio-cells/pydio-cells-enterprise-421 A technical write-up of this vulnerability will be published once a CVE is assigned.
Source: https://pydio.com/en/community/releases/pydio-cells/pydio-cells-enterprise-421
User: ignatiusmichael (UID 28987)
Submitted: 2023. 05. 30. PM 01:52 (3 years ago)
Moderation: 2023. 05. 30. PM 03:32 (2 hours later)
Status: Accepted
VulDB Entry: 230213 [Abstrium Pydio Cells 4.2.0 Chat cross site scripting]
Points: 16
