| 标题 | Eigenfocus Eigenfocus Free Edition 1.4.0 Cross Site Scripting |
|---|
| 描述 | Eigenfocus Free Edition ≤ 1.4.0 contains a stored Cross-Site Scripting (XSS) vulnerability in Issue Title and Time Entry Description fields. User-supplied input is not properly sanitized, allowing attackers to store malicious payloads that execute in the browser of any user who views the affected entries. This can lead to arbitrary JavaScript execution, session hijacking, account compromise, and other unauthorized actions. The issue is resolved in version 1.4.1.
Release 1.4.1 link: https://github.com/Eigenfocus/eigenfocus/releases/tag/v1.4.1-free
Fix commit link: https://github.com/Eigenfocus/eigenfocus/commit/7dec94c9d1f3e513e0ee38ba68caaba628e08582
Discovered by Alex Perrakis - [email protected] |
|---|
| 来源 | ⚠️ https://github.com/Stolichnayer/eigenfocus-stored-xss |
|---|
| 用户 | alexperrakis (UID 85369) |
|---|
| 提交 | 2025-11-21 20時13分 (5 月前) |
|---|
| 管理 | 2025-11-23 10時53分 (2 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 333348 [Eigenfocus 直到 1.4.0 Description entry.description/time_entry.description 跨网站脚本] |
|---|
| 积分 | 20 |
|---|