Lucene search
GoogleOSV:GHSA-F2C5-997W-7F5CHistorySep 20, 2021 - 8:42 p.m.
Cross-site Scripting in peertube
2021-09-2020:42:41
Google
osv.dev
9
peertube
vulnerability
cross-site scripting
svg image
session keys
local storage
javascript
EPSS
0.001
Percentile
32.7%
peertube is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’). It was found that one could upload a SVG image and then send the url of that to other users and when they open the link we can get their complete session keys as the session keys stored in local storage and with Javascript easily can be stolen by attackers.
Related
cvelist
cvelist
CVE-2021-3780 Cross-site Scripting (XSS) - Stored in chocobozzz/peertube
2021-09-15 11:15:11
osv
osv
CVE-2021-3780
2021-09-15 12:15:16
cnvd
cnvd
PeerTube Cross-Site Scripting Vulnerability
2021-09-18 00:00:00
huntr
huntr
Cross-site Scripting (XSS) - Stored in chocobozzz/peertube
2021-09-07 22:22:28
cve
cve
CVE-2021-3780
2021-09-15 12:15:16
nvd
nvd
CVE-2021-3780
2021-09-15 12:15:16
github
github
Cross-site Scripting in peertube
2021-09-20 20:42:41
prion
prion
Cross site scripting
2021-09-15 12:15:00