CVE-2022-2029: Stored XSS in Task field in titra

Cross-site Scripting (XSS) - DOM in GitHub repository kromitgmbh/titra prior to 0.77.0.


Description

The application Titra is vulnerable to Stored XSS in the Task field.

Steps To Reproduce

  1. Click on the Add Track button
  2. In the Task field enter the payload "><img src=# onerror=alert(document.domain)>
  3. Click Save
  4. Now click on Details
  5. XSS will be triggered
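The steps above work because the stored Task value reaches the page as markup. The following is an added example, not code from the titra project or from this report: it models the vulnerable rendering pattern next to an escaped version, using the exact payload from step 2, and includes a small unit-test guard that flags when data contributes extra tags. The template shape (an input and a span) is an assumption for illustration.

```javascript
// Added example (not from titra or the advisory): why the Task-field payload
// executes when a value is concatenated into HTML, and how contextual escaping
// neutralizes it. Plain Node.js, no DOM required.

// The exact payload from the advisory's reproduction steps.
const PAYLOAD = '"><img src=# onerror=alert(document.domain)>';

// HTML-escape a string for use in element text or a double-quoted attribute.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable pattern (assumed template shape): the stored task name is dropped
// into markup as-is. With PAYLOAD the leading "> closes the attribute and the
// tag, so the browser creates a live <img> whose onerror handler runs.
function renderTaskUnsafe(task) {
  return `<input class="task" value="${task}"><span>${task}</span>`;
}

// Fixed pattern: every untrusted value is escaped for the context it lands in,
// so the payload is shown as literal text in both the attribute and the span.
function renderTaskSafe(task) {
  const t = escapeHtml(task);
  return `<input class="task" value="${t}"><span>${t}</span>`;
}

// Review-time guard: count element start tags in the rendered output. The
// template itself contributes exactly two (<input> and <span>); anything more
// was smuggled in by the data. A test guard, not a sanitizer.
function countTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

const TEMPLATE_TAGS = 2;
function injectsMarkup(renderFn, task) {
  return countTags(renderFn(task)) > TEMPLATE_TAGS;
}

console.log('unsafe injects markup:', injectsMarkup(renderTaskUnsafe, PAYLOAD)); // true
console.log('safe injects markup:  ', injectsMarkup(renderTaskSafe, PAYLOAD));   // false
```

The same guard can be applied to any field that ends up in a Details view: if a stored value changes the tag count of the rendered fragment, the rendering path is not escaping it.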

Image PoC

https://drive.google.com/file/d/1twcYvvdV-hCE4hI0HwtnE9ZvqpYC77gS/view?usp=sharing https://drive.google.com/file/d/1CNtiY-VeLjPtYQOx3clUKSxgSAMM2mQM/view?usp=sharing

Impact

This allows the attacker to execute malicious scripts in every project member's browser, which can lead to session hijacking, sensitive data exposure, and worse.
