Name of the Vulnerable Software and Affected Versions:

OnionBuzz versions n/a through 1.0.7

Description:

The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS in Looks Awesome OnionBuzz.

Recommendations:

For OnionBuzz versions n/a through 1.0.7, update to a version that fixes the CSRF vulnerability to prevent Stored XSS attacks.