Lucene search
MitreCVELIST:CVE-2021-33570HistoryMay 25, 2021 - 9:06 p.m.
CVE-2021-33570
2021-05-2521:06:34
mitre
www.cve.org
2
postbird
xss
postgresql
stored
vulnerability
xmlhttprequest
open
savedconnections
EPSS
0.005
Percentile
76.6%
Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table. This can result in reading local files via vectors involving XMLHttpRequest and open of a file:/// URL, or discovering PostgreSQL passwords via vectors involving Window.localStorage and savedConnections.
References
packetstormsecurity.com/files/162831/Postbird-0.8.4-Cross-Site-Scripting-Local-File-Inclusion.html
packetstormsecurity.com/files/162872/Postbird-0.8.4-XSS-LFI-Insecure-Data-Storage.html
github.com/Paxa/postbird/issues/132
github.com/Paxa/postbird/issues/133
github.com/Paxa/postbird/issues/134
github.com/Tridentsec-io/postbird
tridentsec.io/blogs/postbird-cve-2021-33570/
www.exploit-db.com/exploits/49910
Related
packetstorm
packetstorm
Postbird 0.8.4 Cross Site Scripting / Local File Inclusion
2021-05-27 00:00:00
exploitdb
exploitdb
Postbird 0.8.4 - Javascript Injection
2021-05-27 00:00:00
zdt
zdt
Postbird 0.8.4 - Javascript Injection Exploit
2021-05-27 00:00:00
cve
cve
CVE-2021-33570
2021-05-25 22:15:10
prion
prion
Cross site scripting
2021-05-25 22:15:00
osv
osv
CVE-2021-33570
2021-05-25 22:15:10
nvd
nvd
CVE-2021-33570
2021-05-25 22:15:10