exploitDog

GHSA-f2c5-997w-7f5c

Published: 20 Sep 2021
Source: github
Github: Reviewed
CVSS3: 6.1

Description

Cross-site Scripting in peertube

peertube is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). It was found that an attacker could upload an SVG image and then send its URL to other users. When a user opens the link, the attacker can obtain that user's complete session keys, because the session keys are stored in local storage and can easily be stolen with JavaScript.

Packages

Name: peertube (npm)
Affected versions: < 3.4.0
Fixed version: 3.4.0

EPSS

Percentile: 54%
0.00311
Low

6.1 Medium

CVSS3

Weaknesses

CWE-79

Related vulnerabilities

CVSS3: 6.1
nvd
more than 4 years ago

peertube is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS3: 6.1
debian
more than 4 years ago

peertube is vulnerable to Improper Neutralization of Input During Web ...
