Submeter #619142: cronoh nanovault v1.2.1 Code Injectioninformação

Títulocronoh nanovault v1.2.1 Code Injection
DescriçãoWe discovered a one-click remote code execution vulnerability in the latest version (v1.2.1) of the [NanoVault app](https://github.com/cronoh/nanovault). An attacker can exploit this vulnerability by embedding a specially crafted xrb: URL on any website, including a malicious one they control. When a victim visits such a site or clicks on the link, the browser triggers the app’s custom URL handler (`xrb:`), causing the NanoVault application to launch and process the URL, leading to remote code execution on the victim’s machine.
Fonte⚠️ https://gist.github.com/jackfromeast/1e2e206813887a470e00b8474c616567
Utilizador
 Zhengyu Liu (UID 84541)
Submissão20/07/2025 04h12 (há 11 meses)
Moderação04/08/2025 14h01 (15 days later)
EstadoAceite
Entrada VulDB318665 [cronoh NanoVault até 1.2.1 xrb URL /main.js executeJavaScript Script de Site Cruzado]
Pontos20

VoltarVisão GeralPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!