CVE-2018-20524


12/27/2018

CVE-2018-20524

The Chat Anywhere extension 2.4.0 for Chrome allows XSS via crafted use of in a message, because a danmuWrapper DIV element in chatbox-only\danmu.js is outside the scope of a Content Security Policy (CSP).

References: 
https://vul.su.ki/posts/Chat_Anywhere_2.4.0_XSS.md/



Don't forget to share

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *