Lucene search
GoogleOSV:GHSA-XJ4V-GP4Q-H6QQHistoryMay 24, 2022 - 5:43 p.m.
qcubed reflected cross-site scripting (XSS) vulnerability
2022-05-2417:43:36
Google
osv.dev
8
qcubed
cross-site scripting
vulnerability
profile page
unauthenticated attackers
authenticated users
software
A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users.
References
qcubed.com
seclists.org/fulldisclosure/2021/Mar/30
github.com/qcubed/qcubed
github.com/qcubed/qcubed/pull/1320/files
nvd.nist.gov/vuln/detail/CVE-2020-24912
tech.feedyourhead.at/content/QCubed-Cross-Site-Scripting-CVE-2020-24912
www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-03
Related
cvelist
cvelist
CVE-2020-24912
2021-03-04 12:30:24
github
github
qcubed reflected cross-site scripting (XSS) vulnerability
2022-05-24 17:43:36
osv
osv
CVE-2020-24912
2021-03-04 13:15:14
prion
prion
Cross site scripting
2021-03-04 13:15:00
nvd
nvd
CVE-2020-24912
2021-03-04 13:15:14
nuclei
nuclei
QCube Cross-Site-Scripting
2021-09-15 06:00:51
cve
cve
CVE-2020-24912
2021-03-04 13:15:14
packetstorm
packetstorm
QCubed 3.1.1 Cross Site Scripting
2021-03-12 00:00:00
zdt
zdt
QCubed 3.1.1 Cross Site Scripting Vulnerability
2021-03-13 00:00:00
wallarmlab
wallarmlab