Akiee version 0.0.3 contains a XSS leading to code execution due to the use of node integration vulnerability in "Details" of a task is not validated that can result in XSS leading to abritrary code execution. This attack appear to be exploitable via The attacker tricks the victim into opening a crafted markdown.
References
Link | Resource |
---|---|
https://github.com/rockiger/akiee/issues/42 | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2018-06-26 16:29
Updated : 2024-02-04 19:46
NVD link : CVE-2018-1000543
Mitre link : CVE-2018-1000543
CVE.ORG link : CVE-2018-1000543
JSON object : View
Products Affected
rockiger
- akiee
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')