
Stored XSS via attribute

Moderate
marcusramberg published GHSA-xmpj-xwm3-vww7 Jan 4, 2022

Package

Convos.pm (Perl)

Affected versions

6.51, 6.50, 6.49

Patched versions

6.52

Description

Summary

Convos is an open source multi-user chat that runs in a web browser. Any run of characters starting with "https://" in the chat window is turned into a link tag. A stored XSS is possible because the inserted value is escaped only for "<" and ">"; the double quote is not escaped, so a crafted URL can close the href attribute value and add attributes of its own. The advisory's example pairs autofocus with onfocus, so the injected script runs without the victim clicking anything.

Impact

Through this vulnerability, an attacker can execute arbitrary JavaScript in the browser of any user who views the chat message, in the origin of the Convos web application. Because the payload is stored with the message, it fires for every viewer, not only for the attacker.
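The bug class described above, as an added example that is not Convos' own code: a toy URL linkifier that applies text-context escaping ("<" and ">" only) inside an attribute, next to a hardened variant that escapes for attribute context and only links what the URL parser accepts. The function names, the regular expression and the payload string are constructed for illustration.

```javascript
// Added example, not Convos' own code: a toy URL linkifier showing the bug
// class in this advisory (text-context escaping applied in attribute context)
// next to a hardened variant. Function names, regex and payload are illustrative.

// Escapes only "<" and ">". Enough for text between tags, not for a quoted
// attribute value: a raw '"' ends the value and whatever follows becomes
// new attributes of the tag.
function escapeAngleOnly(s) {
  return s.replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Escapes every character that can change meaning in text or attribute context.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Anything that starts with https:// and runs to the next whitespace becomes a link.
const URL_RE = /https:\/\/\S+/g;

// Vulnerable: the href value is escaped with the text-context rule only.
function linkifyVulnerable(text) {
  return text.replace(URL_RE, (url) => {
    const partlyEscaped = escapeAngleOnly(url);
    return `<a href="${partlyEscaped}">${partlyEscaped}</a>`;
  });
}

// Hardened: escape for attribute context, and only link what the WHATWG URL
// parser accepts as an https URL. The parser also percent-encodes characters
// such as '"' in the path, so the href cannot carry a raw quote even before
// escaping; escapeHtml() is still applied so the output never depends on that.
function linkifySafe(text) {
  return text.replace(URL_RE, (url) => {
    let parsed;
    try {
      parsed = new URL(url);
    } catch {
      return escapeHtml(url); // not a URL after all: render as plain text
    }
    if (parsed.protocol !== "https:") return escapeHtml(url);
    return `<a href="${escapeHtml(parsed.href)}">${escapeHtml(url)}</a>`;
  });
}

// Constructed payload in the spirit of the advisory. No whitespace is needed:
// after a quoted attribute value the HTML tokenizer treats a following name,
// or a '/', as the start of the next attribute, so autofocus and onfocus
// become attributes of the <a> and the handler fires on focus.
const PAYLOAD = 'see https://example.com/"autofocus/onfocus="alert(1) now';

console.log("vulnerable:", linkifyVulnerable(PAYLOAD));
console.log("hardened:  ", linkifySafe(PAYLOAD));
```

The vulnerable output is `<a href="https://example.com/"autofocus/onfocus="alert(1)">...</a>`: the first `"` in the URL closes the href value and the rest is parsed as two extra attributes. The hardened output keeps the whole value inside the attribute (`%22` in the href, `&quot;` in the link text). Escaping `"` is the minimal fix the advisory points at; validating the URL with the parser is defence in depth, not a substitute for it.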

Patches

86b2193

References

Severity

Moderate

CVE ID

CVE-2022-21649

Weaknesses

Credits