Zinc Cross-site Scripting vulnerability
Moderate severity
GitHub Reviewed
Published
Jul 6, 2023
to the GitHub Advisory Database
•
Updated Jul 6, 2023
Description
Published by the National Vulnerability Database
Oct 6, 2022
Published to the GitHub Advisory Database
Jul 6, 2023
Reviewed
Jul 6, 2023
Last updated
Jul 6, 2023
In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete template functionality. When an authenticated user deletes a template with a XSS payload in the name field, the Javascript payload will be executed and allow an attacker to access the user’s credentials.
References