CVE-2021-38138

OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account; however, XSS protection is planned for a future release...

CVE-2021-38138

CVE-2021-38138 affects OneNav beta 0.9.12. The issue is a stored cross‑site scripting (XSS) vulnerability in the Add Link feature, with root cause described as the vendor intentionally lacking XSS protection for now; protection is planned for a future release. Publicly referenced exploit activity...

OneNav 跨站脚本漏洞

OneNav is a minimalist navigation/bookmark management system developed using PHP. OneNav beta 0.9.12 suffers from a cross-site scripting vulnerability, which allows attackers to conduct XSS attacks via the Add Link feature...

PT-2021-21960 · Onenav · Onenav

Name of the Vulnerable Software and Affected Versions: OneNav beta version 0.9.12 Description: The issue allows for XSS via the Add Link feature. The vendor has stated that there is intentionally no XSS protection at present, as the attack risk is largely limited to a compromised account. However...