12 matches found
EUVD-2021-20258
Malware in sbrugna...
CVE-2021-33570
Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table. This can result in reading local files via vectors involving XMLHttpRequest and open of a file:/// URL, or discovering PostgreSQL passwords via vectors involving Window.localStorage and...
Postbird 0.8.4 Cross Site Scripting / Local File Inclusion
Exploit Title: Postbird 0.8.4 - Javascript Injection Date: 26 May 2021 Exploit Author: Debshubra Chakraborty Vendor Homepage: https://github.com/paxa/postbird Software Link: https://www.electronjs.org/apps/postbird Version: 0.8.4 Tested on: Linux CVE : CVE-2021-33570 """ XSS Payload LFI Payload...
Postbird 0.8.4 - Javascript Injection
Exploit Title: Postbird 0.8.4 - Javascript Injection Date: 26 May 2021 Exploit Author: Debshubra Chakraborty Vendor Homepage: https://github.com/paxa/postbird Software Link: https://www.electronjs.org/apps/postbird Version: 0.8.4 Tested on: Linux CVE : CVE-2021-33570 """ XSS Payload LFI Payload...
Postbird 0.8.4 - Javascript Injection Exploit
Exploit Title: Postbird 0.8.4 - Javascript Injection Exploit Author: Debshubra Chakraborty Vendor Homepage: https://github.com/paxa/postbird Software Link: https://www.electronjs.org/apps/postbird Version: 0.8.4 Tested on: Linux CVE : CVE-2021-33570 """ XSS Payload LFI Payload PostgreSQL Password...
CVE-2021-33570
Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table. This can result in reading local files via vectors involving XMLHttpRequest and open of a file:/// URL, or discovering PostgreSQL passwords via vectors involving Window.localStorage and...
CVE-2021-33570
Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table. This can result in reading local files via vectors involving XMLHttpRequest and open of a file:/// URL, or discovering PostgreSQL passwords via vectors involving Window.localStorage and...
Cross site scripting
Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table. This can result in reading local files via vectors involving XMLHttpRequest and open of a file:/// URL, or discovering PostgreSQL passwords via vectors involving Window.localStorage and...
CVE-2021-33570
Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table. This can result in reading local files via vectors involving XMLHttpRequest and open of a file:/// URL, or discovering PostgreSQL passwords via vectors involving Window.localStorage and...
CVE-2021-33570
Postbird 0.8.4 is affected by a stored XSS via the IMG onerror attribute in any PostgreSQL table. The vulnerability can lead to local-file access via XMLHttpRequest and file://, and to credential exposure via window.localStorage/savedConnections. Exploitation examples and proof-of-concept payload...
postbird 跨站脚本漏洞
postbird is a software application. for a cross-platform PostgreSQL GUI client written in JavaScript that runs with Electron. A cross-site scripting vulnerability exists in Postbird version 0.8.4, which stems from allowing XSS to be stored via the onerror attribute of the IMG element of any...
PT-2021-20208 · Postbird +1 · Postbird +1
Name of the Vulnerable Software and Affected Versions: Postbird version 0.8.4 Description: The issue allows for stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table. This can result in reading local files via vectors involving XMLHttpRequest and open of a file:/...