cronoh NanoVault xrb URL main.js executeJavaScript cross site scripting

A vulnerability, which was classified as problematic, has been found in cronoh NanoVault up to 1.2.1. This issue affects the function executeJavaScript of the file /main.js of the component xrb URL Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

NanoVault 安全漏洞

NanoVault是Andrew Steele个人开发者的一个使用Nano加密货币的开源钱包软件。 NanoVault 1.2.1及之前版本存在安全漏洞，该漏洞源于文件/main.js中函数executeJavaScript存在跨站脚本漏洞。

N/A

N/A