2 matches found
CVE-2022-45557
Concrete details found: CVE-2022-45557 affects Hundredrabbits Left, version 7.1.5 on macOS, due to a cross-site scripting (XSS) in file names. Root cause is improper handling/sanitization of filenames leading to script execution. Impact aligns with XSS, enabling arbitrary code execution via craft...
CVE-2022-45558
CVE-2022-45558 is a Cross Site Scripting (XSS) vulnerability in Hundredrabbits Left 7.1.5 for macOS, caused by unsafe handling of meta tags that can allow arbitrary code execution. Affected product/version: Hundredrabbits Left 7.1.5. Exploitation exists in the public records (PoC noted in the exp...