Submit #266282: factominer FactoInvestigate 1.9 and earlier XSSinfo

Titlefactominer FactoInvestigate 1.9 and earlier XSS
Descriptionthe package is vulnerable to XSS, if a user analyzes a malicious dataset containing an XSS payload, the javascript code will be executed when the HTML report is generated and opened. Attackers can use that to redirect users to malicious websites acting as analysis reports.
Source⚠️ https://drive.google.com/drive/folders/1ZFjWlD5axvhWp--I7tuiZ9uOpSBmU_f6?usp=drive_link
User
 letmewin (UID 61323)
Submission01/11/2024 16:10 (2 years ago)
Moderation01/19/2024 10:35 (8 days later)
StatusAccepted
VulDB entry251544 [FactoMineR FactoInvestigate up to 1.9 HTML Report Generator HTML injection]
Points17

PreviousOverviewNext

Want to know what is going to be exploited?

We predict KEV entries!