CVE-2021-33570

Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table. This can result in reading local files via vectors involving XMLHttpRequest and open of a file:/// URL, or discovering PostgreSQL passwords via vectors involving Window.localStorage and savedConnections.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:postbird_project:postbird:0.8.4:*:*:*:*:*:*:*

Information

Published : 2021-05-25 15:15

Updated : 2022-06-03 11:54


NVD link : CVE-2021-33570

Mitre link : CVE-2021-33570


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

postbird_project

  • postbird