Cryptocat Arbitrary Script Injection Vulnerability

2015-11-07 15:05:05

source: http://www.securityfocus.com/bid/61093/info

Cryptocat is prone to an arbitrary script-injection vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary script code within the context of the application.

Versions prior to Cryptocat 2.0.22 are vulnerable.

Http://example.come/data:image/foo;base64,PGh0bWw+PGlmcmFtZSBzcmM9Imh0dHA6Ly9ldmlsLmNvbS8iPjwvaWZyYW1lPjwvaHRtbD4NCg

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.