3 matches found
CVE-2022-21649
Convos is an open source multi-user chat that runs in a web browser. Characters starting with "https://" in the chat window create an tag. Stored XSS vulnerability using onfocus and autofocus occurs because escaping exists for "" but escaping for double quotes does not exist. Through this...
CVE-2022-21649 Stored XSS via attribute in convos
Convos is an open source multi-user chat that runs in a web browser. Characters starting with "https://" in the chat window create an tag. Stored XSS vulnerability using onfocus and autofocus occurs because escaping exists for "" but escaping for double quotes does not exist. Through this...
CVE-2022-21649
Convos (open source multi-user web chat) is affected by a Stored XSS in chat messages. The vulnerability arises because escaping exists for but not for double quotes, enabling attacker-controlled scripts via the chat window (e.g., injected by https:// links that become tags). The root cause is ...