← volver
CVE-2021-46888

CVE-2021-46888

EPSS 0.8%
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
21 may 2023Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/simonmichael/hledger/issues/1525https://github.com/simonmichael/hledger/pull/1663https://github.com/simonmichael/hledger/releases/tag/1.23https://www.youtube.com/watch?v=QnRO-VkfIic