3 matches found
CVE-2022-43983
Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URL's that use the file:// protocol...
CVE-2022-43983
CVE-2022-43983 affects Browsershot v3.57.2. The flaw arises because HTML content passed to Browsershot::html is not validated for file:// URLs, enabling an external attacker to remotely obtain arbitrary local files. Documented impact includes high severity (CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I...
CVE-2022-43983 Browsershot 3.57.2 - Server Side XSS to LFR via HTML
Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URL's that use the file:// protocol...