Vulnerability Details CVE-2021-46888
An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.023
EPSS Ranking 84.3%
CVSS Severity
CVSS v3 Score 5.4
References
- https://github.com/simonmichael/hledger/issues/1525
- https://github.com/simonmichael/hledger/pull/1663
- https://github.com/simonmichael/hledger/releases/tag/1.23
- https://www.youtube.com/watch?v=QnRO-VkfIic
- https://github.com/simonmichael/hledger/issues/1525
- https://github.com/simonmichael/hledger/pull/1663
- https://github.com/simonmichael/hledger/releases/tag/1.23
- https://www.youtube.com/watch?v=QnRO-VkfIic