CVE-2019-17625

There is a stored XSS in Rambox 0.6.9 that can lead to code execution. The XSS is in the name field while adding/editing a service. The problem occurs due to incorrect sanitization of the name field when being processed and stored. This allows a user to craft a payload for Node.js and Electron, such as an exec of OS commands within the onerror attribute of an IMG element.
References
Link Resource
https://github.com/ramboxapp/community-edition/issues/2418 Exploit Issue Tracking
Configurations

Configuration 1

cpe:2.3:a:rambox:rambox:0.6.9:*:*:*:community:*:*:*

Information

Published : 2019-10-16 12:15

Updated : 2019-10-16 10:36


NVD link : CVE-2019-17625

Mitre link : CVE-2019-17625

Products Affected
No products.