3 matches found
Exploit for Origin Validation Error in Edex-Ui_Project Edex-Ui
CVE-2023-30856 Security Patch for eDEX-UI ⚠️ Critical Secu...
CVE-2023-30856 eDEX-UI cross-site websocket hijacking vulnerability enables remote command execution
eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 and prior are vulnerable to cross-site websocket hijacking. When running eDEX-UI and browsing the web, a malicious website can connect to eDEX's internal terminal control websocket, and send arbitrary commands to the shell. The projec...
CVE-2023-30856
eDEX-UI (versions ≤2.2.8) is affected by CVE-2023-30856 due to cross-site WebSocket hijacking that enables remote command execution. Root cause: lack of origin validation in the internal WebSocket server. Vulnerable code location: edex-ui/src/classes/terminal.class.js:458. A community patch propo...