Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:8 p.m.4 views

CVE-2021-33570

Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table. This can result in reading local files via vectors involving XMLHttpRequest and open of a file:/// URL, or discovering PostgreSQL passwords via vectors involving Window.localStorage and...

5.4CVSS5.4AI score0.03561EPSS
Exploits4References1
Circl
Circl
added 2021/05/28 1:19 a.m.7 views

CVE-2021-33570

creationtimestamp| type| source ---|---|--- 2021-05-28 01:19:23+00:00| seen| https://t.me/pwnwikizhchannel/515...

5.4CVSS5.5AI score0.03561EPSS
Exploits4References1
0day.today
0day.today
added 2021/05/27 12:0 a.m.27 views

Postbird 0.8.4 - Javascript Injection Exploit

Exploit Title: Postbird 0.8.4 - Javascript Injection Exploit Author: Debshubra Chakraborty Vendor Homepage: https://github.com/paxa/postbird Software Link: https://www.electronjs.org/apps/postbird Version: 0.8.4 Tested on: Linux CVE : CVE-2021-33570 """ XSS Payload LFI Payload PostgreSQL Password...

5.4CVSS5.6AI score0.03561EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/05/27 12:0 a.m.177 views

Postbird 0.8.4 Cross Site Scripting / Local File Inclusion

Exploit Title: Postbird 0.8.4 - Javascript Injection Date: 26 May 2021 Exploit Author: Debshubra Chakraborty Vendor Homepage: https://github.com/paxa/postbird Software Link: https://www.electronjs.org/apps/postbird Version: 0.8.4 Tested on: Linux CVE : CVE-2021-33570 """ XSS Payload LFI Payload...

5.6AI score0.03561EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/05/27 12:0 a.m.193 views

Postbird 0.8.4 - Javascript Injection

Exploit Title: Postbird 0.8.4 - Javascript Injection Date: 26 May 2021 Exploit Author: Debshubra Chakraborty Vendor Homepage: https://github.com/paxa/postbird Software Link: https://www.electronjs.org/apps/postbird Version: 0.8.4 Tested on: Linux CVE : CVE-2021-33570 """ XSS Payload LFI Payload...

5.4CVSS5.5AI score0.03561EPSS
Exploits4
CVE
CVE
added 2021/05/25 9:6 p.m.134 views

CVE-2021-33570

Postbird 0.8.4 is affected by a stored XSS via the IMG onerror attribute in any PostgreSQL table. The vulnerability can lead to local-file access via XMLHttpRequest and file://, and to credential exposure via window.localStorage/savedConnections. Exploitation examples and proof-of-concept payload...

5.4CVSS5AI score0.03561EPSS
Exploits4References8Affected Software1
Rows per page
Query Builder