Vulnerability Details CVE-2019-17625
There is a stored XSS in Rambox 0.6.9 that can lead to code execution. The XSS is in the name field while adding/editing a service. The problem occurs due to incorrect sanitization of the name field when being processed and stored. This allows a user to craft a payload for Node.js and Electron, such as an exec of OS commands within the onerror attribute of an IMG element.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.051
EPSS Ranking 89.3%
CVSS Severity
CVSS v3 Score 9.0
CVSS v2 Score 8.5
References