@cd80
Last active February 14, 2024 07:15
- CVE ID
Not assigned yet
- Name of affected product and versions
https://github.com/tabatkins/railroad-diagrams
version <= commit ea9a123
- Problem type
An attacker can execute arbitrary JavaScript code in a victim's browser by sending a specially crafted URL that exploits a DOM-based XSS in /generator.html.
- Description
A cross-site scripting (XSS) vulnerability in the /generator.html component of the GitHub repository tabatkins/railroad-diagrams allows attackers to execute arbitrary JavaScript code by sending a crafted URL to a victim.