3 matches found
Exploit for OS Command Injection in Rambox
CVE-2019-17625 There is a stored XSS vulnerability in rambox...
CVE-2019-17625
There is a stored XSS in Rambox 0.6.9 that can lead to code execution. The XSS is in the name field while adding/editing a service. The problem occurs due to incorrect sanitization of the name field when being processed and stored. This allows a user to craft a payload for Node.js and Electron,...
CVE-2019-17625
CVE-2019-17625 affects Rambox 0.6.9 with a stored XSS in the name field when adding/editing a service. The root cause is incorrect sanitization of the name field, enabling a payload that can trigger code execution in Node.js/Electron, e.g., via an onerror attribute in an IMG element. Connected so...