3 matches found
CVE-2022-21690 Cross-Site Scripting in Onionshare
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions The path parameter of the requested URL is not sanitized before being passed to the QT frontend. This path is used in all componen...
CVE-2022-21690 Cross-Site Scripting in Onionshare
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions The path parameter of the requested URL is not sanitized before being passed to the QT frontend. This path is used in all componen...
CVE-2022-21690
OnionShare (CVE-2022-21690) is affected where the path parameter passed to the QT frontend is not sanitized, causing the QT RichText/QLabel to render HTML4 subset in the server history display. Impact is elevated where an attacker could render arbitrary HTML in the OnionShare desktop history view...