vendor: N/A
by: Project Zero
CVSS: 8.8 (HIGH)
CWE: 79, Cross-site Scripting (XSS)
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2018
ParserRemoveChild Vulnerability
This vulnerability is caused by the lack of proper sanitization of user-supplied input in the ContainerNode::parserRemoveChild function. This allows an attacker to inject malicious code into the application, which can be used to execute arbitrary JavaScript code in the context of the application. The attacker can also use this vulnerability to bypass the same-origin policy and gain access to sensitive data.
Mitigation:
The application should properly sanitize user-supplied input before processing it.