tag. Stored XSS vulnerability using onfocus and autofocus occurs because escaping exists for "<" or ">" b...">CVE-2022-21649 - vulnerability database | Vulners.com tag. Stored XSS vulnerability using onfocus and autofocus occurs because escaping exists for "<" or ">" b..."> tag. Stored XSS vulnerability using onfocus and autofocus occurs because escaping exists for "<" or ">" b..."> tag. Stored XSS vulnerability using onfocus and autofocus occurs because escaping exists for "<" or ">" b...">

Lucene search

K

GoogleOSV:CVE-2022-21649

HistoryJan 04, 2022 - 9:15 p.m.

CVE-2022-21649

2022-01-0421:15:07

Google

osv.dev

3

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.4%

Convos is an open source multi-user chat that runs in a web browser. Characters starting with “https://” in the chat window create an <a> tag. Stored XSS vulnerability using onfocus and autofocus occurs because escaping exists for “<” or “>” but escaping for double quotes does not exist. Through this vulnerability, an attacker is capable to execute malicious scripts. Users are advised to update as soon as possible.

CPENameOperatorVersion
convoseq4.19
convoseq6.46
convoseq0.99_29
convoseq4.34
convoseq3.10
convoseq0.99_23
convoseq1.02
convoseq6.20
convoseq6.21
convoseq5.05

Rows per page:

1-10 of 1531

References

blog.pocas.kr/2021/12/30/2021-12-30-s-xss-convos-chat/#Second-vulnerability

github.com/convos-chat/convos/commit/86b2193de375005ba71d9dd53843562c6ac1847c

github.com/convos-chat/convos/security/advisories/GHSA-xmpj-xwm3-vww7

www.huntr.dev/bounties/4532a0ac-4e7c-4fcf-9fe3-630e132325c0/

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.4%

Related for OSV:CVE-2022-21649

nvd1 huntr1 cve1 cvelist1 prion1