CVE-2018-1000543

Akiee version 0.0.3 contains a XSS leading to code execution due to the use of node integration vulnerability in "Details" of a task is not validated that can result in XSS leading to abritrary code execution. This attack appear to be exploitable via The attacker tricks the victim into opening a crafted markdown.
References
Link Resource
https://github.com/rockiger/akiee/issues/42 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:rockiger:akiee:0.0.3:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-06-26 16:29

Updated : 2024-02-04 19:46


NVD link : CVE-2018-1000543

Mitre link : CVE-2018-1000543

CVE.ORG link : CVE-2018-1000543


JSON object : View

Products Affected

rockiger

  • akiee
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')