Description
Versions of cyberchef prior to 8.31.3 are vulnerable to Cross-Site Scripting. In Text Encoding Brute Force the table rows are created by concatenating the value variable unsanitized in the HTML code. If this variable is controlled by user input it allows attackers to execute arbitrary JavaScript in a victim’s browser.
Recommendation
Update the cyberchef package to the latest compatible version. Followings are version details:
- Affected version(s): < 8.31.3
- Patched version(s): 8.31.3
References
Related Issues
- Materialize-css vulnerable to Cross-site Scripting in autocomplete component - CVE-2019-11003
- Materialize-css vulnerable to Cross-site Scripting in autocomplete component - materialize-css - CVE-2019-11003
- Bootstrap Vulnerable to Cross-Site Scripting - bootstrap - CVE-2019-8331
- Cross-Site Scripting in @nuxt/devalue - CVE-2019-13506
You might also like:
- Tags:
- npm
- cyberchef
Anything's wrong? Let us know Last updated on January 09, 2023


