TotalJS messenger 跨站脚本漏洞

TotalJS messenger is a Node.js open source Slack alternative to the Total.js Platform open source. A cross-site scripting vulnerability exists in TotalJS Messenger version b6cf1c9, which can be exploited by an attacker to execute arbitrary web script or HTML via a crafted payload injected into a...

PT-2023-22537 · Total.Js · Total.Js

Name of the Vulnerable Software and Affected Versions: TotalJS messenger version b6cf1c9 Description: A stored cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the channel description field. This enables attackers to...