Convos is an open source multi-user chat that runs in a web browser. Characters starting with "https://" in the chat window create an <a> tag. Stored XSS vulnerability using onfocus and autofocus occurs because escaping exists for "<" or ">" but escaping for double quotes does not exist. Through this vulnerability, an attacker is capable to execute malicious scripts. Users are advised to update as soon as possible.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2022-01-04T20:40:20
Updated: 2024-08-03T02:46:39.529Z
Reserved: 2021-11-16T00:00:00
Link: CVE-2022-21649
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-01-04T21:15:07.883
Modified: 2022-01-08T02:46:40.037
Link: CVE-2022-21649
Redhat
No data.