OSV:GHSA-X823-J7C4-VPC5
Apr 20, 2021 - 4:31 p.m.

Cross-site scripting in sickrage

2021-04-20 16:31:43
Google
osv.dev
8
sickrage
cross-site-scripting
xss
quicksearch
vulnerability
user input
sessionid
masquerade

EPSS

0.001

Percentile

32.7%

SiCKRAGE versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to reflected cross-site scripting (XSS) because user input is not properly validated in the quicksearch feature. An attacker can therefore steal a user's sessionID and masquerade as the victim user, carrying out any action in the context of that user.
