| Название | factominer FactoInvestigate 1.9 and earlier XSS |
|---|
| Описание | the package is vulnerable to XSS, if a user analyzes a malicious dataset containing an XSS payload, the javascript code will be executed when the HTML report is generated and opened. Attackers can use that to redirect users to malicious websites acting as analysis reports. |
|---|
| Источник | ⚠️ https://drive.google.com/drive/folders/1ZFjWlD5axvhWp--I7tuiZ9uOpSBmU_f6?usp=drive_link |
|---|
| Пользователь | letmewin (UID 61323) |
|---|
| Представление | 11.01.2024 16:10 (2 лет назад) |
|---|
| Модерация | 19.01.2024 10:35 (8 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 251544 [FactoMineR FactoInvestigate до 1.9 HTML Report Generator HTML injection] |
|---|
| Баллы | 17 |
|---|