PT-2018-9439 · Akiee · Akiee
Theflink · Published 2018-06-26 · Updated 2018-08-20 · CVE-2018-1000543
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Akiee version 0.0.3
Description
The issue is a cross-site scripting (XSS) vulnerability that can lead to code execution. The "Details" field of a task is not validated, which allows XSS and, in turn, arbitrary code execution. The attack is exploitable if the attacker can trick the victim into opening crafted markdown.
Recommendations
For Akiee version 0.0.3, as a temporary workaround, consider validating user input in the "Details" of a task to prevent XSS attacks until a patch is available. Restrict the use of markdown integration to minimize the risk of exploitation.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Akiee