Lucene search
B1nslashsh1-PYPI-PAPERMERGEHistoryFeb 06, 2021 - 12:00 a.m.
Cross-site Scripting (XSS) - Generic in ciur/papermerge
2021-02-0600:00:00
b1nslashsh
www.huntr.dev
8
0.001 Low
EPSS
Percentile
43.2%
:book: Description
Papermerge is an open source document management system (DMS) primarily designed for archiving and retrieving your digital documents. Instead of having piles of paper documents all over your desk, office or drawers - you can quickly scan them and configure your scanner to directly upload to Papermerge DMS… This package is vulnerable for (XSS).
https://github.com/ciur/papermerge
https://pypi.org/project/papermerge/
:recycle: Steps To Reproduce-:
- clone https://github.com/ciur/papermerge or use demo https://demo.papermerge.com/
- add jscode in meta form. Payload used :
"><img src>
:telescope: POC
https://drive.google.com/file/d/1AovUz4yG46RRVCRlohd1-YyTlO_edEKg/view?usp=sharing
💥 Impact
XSS
Related
osv
osv
PYSEC-2020-74
2020-12-02 08:15:00
CVE-2020-29456
2020-12-02 08:15:10
Cross-site scripting in papermerge
2021-04-20 16:37:56
prion
prion
Cross site scripting
2020-12-02 08:15:00
cve
cve
CVE-2020-29456
2020-12-02 08:15:10
nvd
nvd
CVE-2020-29456
2020-12-02 08:15:10
github
github
Cross-site scripting in papermerge
2021-04-20 16:37:56
cvelist
cvelist
CVE-2020-29456
2020-12-02 07:50:23