AttackerKB AKB:52F87A95-98DF-4C49-8A5C-C779282AA910
Aug 06, 2021 - 12:00 a.m.

CVE-2021-38138

OneNav beta 0.9.12 allows XSS via the Add Link feature. PWNED by using remote execution script, automated for this vulnerability. NOTE: the vendor’s position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account; however, XSS protection is planned for a future release.

Proof:

<https://streamable.com/ubtzio>

Recent assessments:

nu11secur1ty at August 06, 2021 5:37pm UTC reported:

OneNav beta 0.9.12 allows XSS via the Add Link feature. PWNED by using remote execution script, automated for this vulnerability. NOTE: the vendor’s position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account; however, XSS protection is planned for a future release.

More:

<https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-38138>

Proof:

<https://streamable.com/ubtzio>

Assessed Attacker Value: 3
Assessed Attacker Value: 5
