CVSS3: 4.3 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS: 0.001 Low
Percentile: 39.7%

I found a UXSS in your browser and executed XSS on all open domains.
Before that, I want to tell you that I've found a vulnerability like this in Microsoft Edge:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23258
Oppo browser: (Private/no disclosure)
And now I found it in your application.
Payload: {F2191688}
This is a QR code containing the URL: javascript:alert(document.domain);
which the attacker will use to attack the victim.
{F2191713}
{F2191709}
{F2191707}
{F2191708}
{F2191706} {F2191705}
{F2191774}
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23258
Attackers can steal the victim's cookies, and as you can see at this point, this vulnerability does not only affect Brave but will affect all existing domains/websites. It is very possible that websites such as facebook.com, google.com, microsoft.com are also affected by this vulnerability.
Example:
https://portswigger.net/daily-swig/microsoft-edge-translator-contained-uxss-flaw-exploitable-on-any-web-page
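
For defenders, a scheme allowlist applied to text decoded from a QR code before the browser navigates to it is one way to keep a javascript: URL from running in the context of the open page. This is an added example, not code from the report or from Brave; the function name, constant name and sample inputs are hypothetical.

```javascript
// Added example (not Brave's code): decide what to do with text decoded from a
// QR code. ALLOWED_SCHEMES and classifyScannedText are hypothetical names.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

function classifyScannedText(text) {
  if (typeof text !== "string") {
    return { action: "reject", reason: "not a string" };
  }
  let url;
  try {
    // The WHATWG URL parser trims leading/trailing control characters and
    // spaces, removes tabs/newlines and lowercases the scheme, so
    // " JavaScript:" and "java\tscript:" are both seen as "javascript:".
    url = new URL(text);
  } catch {
    // Not an absolute URL: hand it to search, never to the URL loader.
    return { action: "search", query: text.trim() };
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) {
    return { action: "reject", reason: `scheme ${url.protocol} not allowed` };
  }
  // Navigate to the normalized form, not the raw scanned string.
  return { action: "navigate", href: url.href };
}

// Constructed sample inputs, including the payload form shown in the report.
const samples = [
  "javascript:alert(document.domain);",
  " JavaScript:alert(document.domain);",
  "java\tscript:alert(document.domain);",
  "data:text/html,<b>x</b>",
  "https://example.com/a?b=1",
  "plain text from a poster",
];

for (const s of samples) {
  console.log(JSON.stringify(s), "->", JSON.stringify(classifyScannedText(s)));
}
```

The check runs on the parsed URL rather than on a string prefix, which is why the whitespace and mixed-case variants are rejected along with the plain payload.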