Description
Versions of `cyberchef` prior to 8.31.3 are vulnerable to Cross-Site Scripting. In Text Encoding Brute Force, the table rows are created by concatenating the `value` variable, unsanitized, into the HTML code. If this variable is controlled by user input, it allows attackers to execute arbitrary JavaScript in a victim's browser.
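The pattern described above, shown beside an escaped form, as an added example that is not CyberChef's own code. The function names and the sample results object are hypothetical and constructed for illustration.

```javascript
// Added illustration; names and sample data are hypothetical,
// not taken from CyberChef's source.

// Vulnerable pattern: each value is concatenated straight into row markup.
function buildRowsUnsafe(results) {
  let html = "";
  for (const [encoding, value] of Object.entries(results)) {
    html += "<tr><td>" + encoding + "</td><td>" + value + "</td></tr>";
  }
  return html;
}

// Escape the five characters that can change the HTML parsing context.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened pattern: every interpolated cell is escaped before concatenation.
function buildRowsSafe(results) {
  let html = "";
  for (const [encoding, value] of Object.entries(results)) {
    html += "<tr><td>" + escapeHtml(encoding) + "</td><td>" + escapeHtml(value) + "</td></tr>";
  }
  return html;
}

// Regression check: true if any tag other than <tr>/<td> survives in the output.
function containsForeignTag(html) {
  return /<(?!\/?(?:tr|td)>)/i.test(html);
}

// Constructed sample: one decoded result happens to contain markup.
const sampleResults = {
  "UTF-8": "hello",
  "Windows-1252": '<b title="injected">x</b>',
};

console.log("unsafe keeps injected tag:", containsForeignTag(buildRowsUnsafe(sampleResults)));
console.log("safe keeps injected tag:  ", containsForeignTag(buildRowsSafe(sampleResults)));
```

In browser code, building cells with DOM APIs and assigning the text through `textContent` avoids string-built HTML altogether.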
Recommendation
Update the `cyberchef` package to the latest compatible version. Version details:
- Affected version(s): < 8.31.3
- Patched version(s): 8.31.3
Tags: npm, cyberchef
Last updated on January 09, 2023