Description
KeePassXC-Browser through 1.9.9.2 autofills or prompts to fill stored credentials into documents rendered under a browser-enforced CSP directive and iframe attribute sandbox, allowing attacker-controlled script in the sandboxed document to access populated form fields and exfiltrate credentials.
References
- Third Party Advisory, Issue Tracking
- Patch, Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to and including 1.9.9.2
cpe:2.3:a:keepassxc:keepassxc-browser:*:*:*:*:*:*:*:*
EPSS
Percentile: 3%
0.00017
Low
7.1 High
CVSS3
Weaknesses
CWE-352
Related vulnerabilities
CVSS3: 7.1
github
about 2 months ago
KeePassXC-Browser through 1.9.9.2 autofills or prompts to fill stored credentials into documents rendered under a browser-enforced CSP directive and iframe attribute sandbox, allowing attacker-controlled script in the sandboxed document to access populated form fields and exfiltrate credentials.