Lucene search
PRIOn knowledge basePRION:CVE-2024-21496HistoryFeb 17, 2024 - 5:15 a.m.
Cross site scripting
2024-02-1705:15:00
PRIOn knowledge base
www.prio-n.com
1
cross-site scripting
xss vulnerability
input sanitization
referer header
javascript url scheme
nvd
malicious scripts
user sessions
All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting (XSS) via the Referer header, due to improper input sanitization. Although the Referer header is sanitized by escaping some characters that can allow XSS (e.g., [&], [<], [>], ["], [']), it does not account for the attack based on the JavaScript URL scheme (e.g., javascript:alert(document.domain)// payload). Exploiting this vulnerability may not be trivial, but it could lead to the execution of malicious scripts in the context of the target userβs browser, compromising user sessions.
Related
veracode
veracode
Cross-site Scripting (XSS)
2024-02-19 11:58:23
cve
cve
CVE-2024-21496
2024-02-17 05:15:09
osv
osv
Cross-site Scripting in github.com/greenpau/caddy-security
2024-02-17 06:30:34
Cross-site Scripting in github.com/greenpau/caddy-security
2024-06-28 15:28:53
github
github
Cross-site Scripting in github.com/greenpau/caddy-security
2024-02-17 06:30:34
nvd
nvd
CVE-2024-21496
2024-02-17 05:15:09
cvelist
cvelist
CVE-2024-21496
2024-02-17 05:00:02