Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-QH7X-J4V8-QW5W
HistorySep 22, 2021 - 8:39 p.m.

Clipboard-based XSS

2021-09-2220:39:26
Google
osv.dev
46
xss
user impact
dom based vulnerability
copy & paste
html editor
innerhtml
browser security
javascript
securitum
vulnerability

EPSS

0.001

Percentile

36.6%

JSON

Impact

XSS against the user.

Details

jsuites is vulnerable to DOM based XSS if the user can be tricked into copying anything from a malicious and pasting it into the html editor. This is because a part of the clipboard content is directly written to innerHTML causing XSS.

References

The Curious Case of Copy & Paste – on risks of pasting arbitrary content in browsers: https://research.securitum.com/the-curious-case-of-copy-paste/

Related

prion 1
cvelist 1
github 1
ibm 1
cve 1
nvd 1
osv 1
prion
prion
Cross site scripting
2021-09-21 21:15:00
cvelist
cvelist
CVE-2021-41086 Clipboard-based XSS in jsuites
2021-09-21 21:00:12
github
github
Clipboard-based XSS
2021-09-22 20:39:26
ibm
ibm
Security Bulletin: JSuites is vulnerable to cross-site scripting (CVE-2021-41086)
2023-07-28 19:51:46
cve
cve
CVE-2021-41086
2021-09-21 21:15:07
nvd
nvd
CVE-2021-41086
2021-09-21 21:15:07
osv
osv
CVE-2021-41086
2021-09-21 21:15:07

EPSS

0.001

Percentile

36.6%

JSON
Related for OSV:GHSA-QH7X-J4V8-QW5W
prion1cvelist1github1ibm1cve1nvd1osv1