Description
Whatsapp-Chat-Exporter has a Cross-Site Scripting vulnerability in the HTML output of chats.
Impact
A Cross-Site Scripting (XSS) vulnerability was found in the HTML output of chats. XSS was intended to be mitigated by Jinja's escape function. However, autoescape=True was missing when the Jinja environment was set up. Although the actual impact is low, considering that the HTML file is viewed offline, an adversary may still be able to inject malicious payloads into the chat through WhatsApp. All users are affected.
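The effect of the missing setting, as an added example that is not the exporter's own code: the same constructed chat message is rendered through a Jinja2 environment with default settings and through two hardened ones. The template, the message and all function names are assumptions made for illustration.

```python
from jinja2 import DictLoader, Environment, select_autoescape

# Hypothetical one-line template standing in for the exporter's chat template.
TEMPLATES = {"chat.html": '<div class="msg"><b>{{ sender }}</b>: {{ text }}</div>'}

# Constructed sample message: text controlled by the remote chat participant.
MESSAGE = {"sender": "Alice", "text": "<script>alert(1)</script>"}


def render(env):
    """Render the constructed message with the given environment."""
    return env.get_template("chat.html").render(**MESSAGE)


def vulnerable_env():
    # Jinja2 defaults to autoescape=False, so {{ text }} is emitted verbatim.
    return Environment(loader=DictLoader(TEMPLATES))


def hardened_env():
    # autoescape=True HTML-escapes every {{ ... }} expression by default.
    return Environment(loader=DictLoader(TEMPLATES), autoescape=True)


def extension_scoped_env():
    # Alternative: escape only templates whose names end in .html or .xml.
    return Environment(
        loader=DictLoader(TEMPLATES),
        autoescape=select_autoescape(["html", "xml"]),
    )


def contains_raw_markup(html):
    # Regression check for a test suite: the markup must not survive intact.
    return MESSAGE["text"] in html


if __name__ == "__main__":
    for name, factory in [
        ("default", vulnerable_env),
        ("autoescape=True", hardened_env),
        ("select_autoescape", extension_scoped_env),
    ]:
        out = render(factory())
        print(f"{name:18} raw_markup={contains_raw_markup(out)}  {out}")
```

Even with autoescaping on, a value passed through the `|safe` filter or wrapped in `markupsafe.Markup` is still emitted unescaped, so such uses in a template need the same review.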
Patches
The vulnerability is patched in 0.9.5. All users are strongly advised to update the exporter to the latest version.
Workarounds
No workaround is available. Please update the exporter to the latest version.
References
https://github.com/KnugiHK/WhatsApp-Chat-Exporter/commit/bfdc68cd6ad53ceecf132773f9aaba50dd80fe79
https://owasp.org/www-community/attacks/xss/
Packages
Whatsapp-Chat-Exporter
< 0.9.5
0.9.5
5.4 Medium
CVSS3
Defects
5.4 Medium
CVSS3