CVE-2021-33570
Postbird 0.8.4 is affected by a stored XSS via the IMG onerror attribute in any PostgreSQL table. The vulnerability can lead to local-file access via XMLHttpRequest and file://, and to credential exposure via window.localStorage/savedConnections. Exploitation examples and proof-of-concept payload...