Impact
An HTML injection flaw exists in the /src/highlight.rs component of matze wastebin version 3.4.1. The vulnerability allows an attacker to craft a payload that injects arbitrary JavaScript, giving them the ability to execute code in the victim’s browser. The impact is equivalent to remote code execution, potentially leading to data theft, defacement, or further compromise. The flaw is a classic Cross‑Site Scripting issue identified as CWE‑79 and carries a CVSS score of 9.6.
Affected Systems
The only publicly documented affected version is matze wastebin v3.4.1. No other versions or products are listed as impacted. Users running this exact version should assume it is vulnerable.
Risk and Exploitability
The EPSS score of less than 1% suggests that, as of the latest data, exploitation has not been widely observed, but the critical CVSS rating means the potential damage is high. The vulnerability appears to be exploitable via crafted requests or input that reaches the highlight.rs endpoint; the exact attack vector is inferred from the description of a crafted payload. The project is not currently listed in the CISA KEV catalog, but the seriousness of the flaw warrants caution.
OpenCVE Enrichment