PT-2022-27053 · Unknown · Browsershot
Carlos Bello · Published 2022-11-25 · Updated 2023-01-10 · CVE-2022-43983
CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Browsershot version 3.57.2
Description
The issue allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URLs that use the file:// protocol.
Recommendations
For Browsershot version 3.57.2, consider validating the HTML content passed to the Browsershot::html method to prevent the inclusion of URLs using the file:// protocol as a temporary workaround until a patch is available.
Exploit · Fix · XSS
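One way to implement the validation recommended above, as an added example that is not code from this advisory or from the Browsershot project. The function names `findFileSchemes` and `renderUntrustedHtml` and the sample inputs are assumptions made for illustration; only `Browsershot::html` comes from the page.

```php
<?php
// Added example: a hypothetical pre-render gate, not Browsershot's own code.
use Spatie\Browsershot\Browsershot;

/**
 * Return a short excerpt for each "file:" scheme found in $html ([] if none).
 * Broader than a literal "file://" search, and deliberately conservative: it
 * scans the raw string, so prose such as "Attached file: a.pdf" is rejected too.
 */
function findFileSchemes(string $html): array
{
    // Decode character references so entity-encoded schemes are visible.
    $text = html_entity_decode($html, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    // URL parsers drop tab, CR and LF, so tolerate them between the letters.
    $scheme = implode('[\t\r\n]*', str_split('file:'));
    // Skip matches preceded by a scheme character, e.g. "profile:".
    $pattern = '/(?<![a-z0-9+.\-])' . $scheme . '.{0,30}/is';
    preg_match_all($pattern, $text, $matches);
    return $matches[0];
}

/** Hypothetical wrapper: refuse to render HTML that references file: URLs. */
function renderUntrustedHtml(string $html): Browsershot
{
    $hits = findFileSchemes($html);
    if ($hits !== []) {
        throw new InvalidArgumentException('file: URL in HTML near: ' . $hits[0]);
    }
    return Browsershot::html($html);
}

// Constructed sample inputs, checked without invoking Browsershot.
$samples = [
    'plain'   => '<h1>Invoice</h1><img src="https://example.com/logo.png">',
    'direct'  => '<img src="file:///constructed/example.txt">',
    'encoded' => '<img src="&#70;ILE:///constructed/example.txt">',
    'prose'   => '<p>See your profile: settings</p>',
];
foreach ($samples as $name => $html) {
    printf("%-8s %s\n", $name, findFileSchemes($html) ? 'rejected' : 'allowed');
}
```

A string check like this only sees what is literally present in the markup, so it fits the temporary-workaround role the recommendation describes rather than replacing a patched release.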
Weakness Enumeration
Related Identifiers
Affected Products
Browsershot