CHAOS 5.0.1 'sendCommandHandler' - Cross-Site Scripting

Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component. id: CVE-2024-31839 info: name: CHAOS 5.0.1 'sendCommandHandler' - Cross-Site Scripting author: riteshs4hu severity:...

CVE-2024-30850

An issue in tiagorlampert CHAOS v5.0.1 allows a remote attacker to execute arbitrary code via the BuildClient function within clientservice.go...

GHSA-XFJJ-F699-RC79 tiagorlampert CHAOS vulnerable to arbitrary code execution

An issue in tiagorlampert CHAOS before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the filename argument into the buildStr string without any sanitization or filtering...

tiagorlampert CHAOS vulnerable to arbitrary code execution

An issue in tiagorlampert CHAOS before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the filename argument into the buildStr string without any sanitization or filtering...

CVE-2024-33434

An issue in tiagorlampert CHAOS v5.0.1 before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the filename argument into the buildStr string without any sanitization or filteri...

CVE-2024-33434

An issue in tiagorlampert CHAOS v5.0.1 before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the filename argument into the buildStr string without any sanitization or filteri...

GHSA-C5RV-HJJC-JV7M tiagorlampert CHAOS vulnerable to Cross Site Scripting

Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component...

CVE-2024-30850

Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2024-33434. Reason: This record is a duplicate of CVE-2024-33434. Notes: All CVE users should reference CVE-2024-33434 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage...

CVE-2024-30850

...

CVE-2024-31839

Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component...

CVE-2024-30850

...

CVE-2024-30850

CVE-2024-30850 concerns tiagorlampert CHAOS v5.0.1 with a remote code execution vulnerability via the BuildClient function in client_service.go. Multiple connected sources corroborate an RCE issue in CHAOS, including GHSA entries and OSV advisories, describing arbitrary code execution triggered b...

PT-2024-24235

Name of the Vulnerable Software and Affected Versions: tiagorlampert CHAOS version 5.0.1 Description: A Cross Site Scripting XSS vulnerability exists in tiagorlampert CHAOS. A remote attacker may be able to escalate privileges via the sendCommandHandler function in the handler.go component. A...

PT-2024-5024

Name of the Vulnerable Software and Affected Versions: tiagorlampert CHAOS version 5.0.1 tiagorlampert CHAOS versions before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e Description: The issue allows a remote attacker to execute arbitrary code via the...