PT-2023-11614 · Hfish · Hfish
N407Pengyuyan · Published 2023-01-26 · Updated 2023-02-01 · CVE-2020-22327
CVSS v3.1: 6.1 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
HFish version 0.5.1
Description
An issue was discovered in HFish where XSS code is triggered when the administrator views information after a payload is inserted in the name entry field.
Recommendations
For HFish version 0.5.1, consider restricting access to the name entry field to prevent malicious payload insertion until a fix is available. As a temporary workaround, avoid viewing user-entered information in the administrator panel to minimize the risk of XSS code execution.
XSS
Affected Products
Hfish