Lucene search
Veracode Vulnerability DatabaseVERACODE:46403HistoryApr 15, 2024 - 6:31 a.m.
Cross-site Scripting (XSS)
2024-04-1506:31:09
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
cross-site scripting
github
vulnerability
unsanitized input
dom
payload
executed
user
request
software
github.com/tiagorlampert/chaos is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the sendCommandHandler() function accepting unsanitized input via the output parameter and passing it along to the DOM, which results in a payload being executed by a user sending a request to the /command route.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/tiagorlampert/chaos | eq | HEAD | |
| github.com/tiagorlampert/chaos | eq | HEAD |
Related
nvd
nvd
CVE-2024-31839
2024-04-12 14:15:07
cve
cve
CVE-2024-31839
2024-04-12 14:15:07
osv
osv
tiagorlampert CHAOS vulnerable to Cross Site Scripting
2024-04-12 15:37:21
Cross site scripting in github.com/tiagorlampert/CHAOS
2024-05-09 22:01:10
cvelist
cvelist
CVE-2024-31839
2024-04-12 00:00:00
github
github
tiagorlampert CHAOS vulnerable to Cross Site Scripting
2024-04-12 15:37:21
zdt
zdt
CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution Exploit
2024-05-22 00:00:00
CHAOS RAT 5.0.1 Remote Command Execution Exploit
2024-04-11 00:00:00
packetstorm
packetstorm
CHAOS RAT 5.0.1 Remote Command Execution
2024-04-10 00:00:00
CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution
2024-05-21 00:00:00