Submit #266282: factominer FactoInvestigate 1.9 and earlier XSS

Title: factominer FactoInvestigate 1.9 and earlier XSS
Description: The package is vulnerable to XSS. If a user analyzes a malicious dataset containing an XSS payload, the JavaScript code will be executed when the HTML report is generated and opened. Attackers can use that to redirect users to malicious websites acting as analysis reports.
Source: ⚠️ https://drive.google.com/drive/folders/1ZFjWlD5axvhWp--I7tuiZ9uOpSBmU_f6?usp=drive_link
User: letmewin (UID 61323)
Submission: 11/01/2024 16:10 (2 years ago)
Moderation: 19/01/2024 10:35 (8 days later)
Status: Accepted
VulDB Entry: 251544 [FactoMineR FactoInvestigate up to 1.9 HTML Report Generator HTML injection]
Points: 17
