CVE-2021-46888

CVSS V2 None CVSS V3 None

Description

An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function.

Overview

CVE ID
CVE-2021-46888

Assigner
cve@mitre.org

Vulnerability Status
Received

Published Version
2023-05-21T20:15:09

Last Modified Date
2023-05-21T20:15:09

References

Reference URL	Reference Tags
https://github.com/simonmichael/hledger/issues/1525
https://github.com/simonmichael/hledger/pull/1663
https://github.com/simonmichael/hledger/releases/tag/1.23
https://www.youtube.com/watch?v=QnRO-VkfIic

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2021-46888
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46888

History

Created	Old Value	New Value	Data Type	Notes
2023-05-21 21:00:24				Added to TrackCVE