Rambox

rambox

1 CVE • 1 product

Products (1)

Click to collapse

Toggle

Rambox

rambox

1 CVE

CVEs (1)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-17625 1Rambox 1Rambox Nov 21, 2024 Oct 16, 2019 N/A· v4 9.0 CRITICAL· v3 8.5 HIGH· v2 There is a stored XSS in Rambox 0.6.9 that can lead to code execution. The XSS is in the name field while adding/editing a service. The problem occurs due to incorrect sanitization of the name field when being processed...Show more There is a stored XSS in Rambox 0.6.9 that can lead to code execution. The XSS is in the name field while adding/editing a service. The problem occurs due to incorrect sanitization of the name field when being processed and stored. This allows a user to craft a payload for Node.js and Electron, such as an exec of OS commands within the onerror attribute of an IMG element.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2019-17625

1Rambox

Nov 21, 2024

Oct 16, 2019

N/A· v4

9.0 CRITICAL· v3

8.5 HIGH· v2

There is a stored XSS in Rambox 0.6.9 that can lead to code execution. The XSS is in the name field while adding/editing a service. The problem occurs due to incorrect sanitization of the name field when being processed and stored. This allows a user to craft a payload for Node.js and Electron, such as an exec of OS commands within the onerror attribute of an IMG element.Show less