Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table. This can result in reading local files via vectors involving XMLHttpRequest and open of a file:/// URL, or discovering PostgreSQL passwords via vectors involving Window.localStorage and savedConnections.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-05-25T21:06:34

Updated: 2024-08-03T23:50:43.174Z

Reserved: 2021-05-25T00:00:00

Link: CVE-2021-33570

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-05-25T22:15:10.353

Modified: 2024-11-21T06:09:06.647

Link: CVE-2021-33570

cve-icon Redhat

No data.