cd-messenger is vulnerable to arbitrary code execution. Untrusted user input to the color
argument is passed to the eval
function without validation, allowing an attacker to execute arbitrary code.
CPE | Name | Operator | Version |
---|---|---|---|
cd-messenger | le | 2.7.26 |