Bhargav

3 exploits Active since Oct 2022
CVE-2024-41809 WRITEUP HIGH WRITEUP
OpenObserve 0.4.4-0.10.0 - Stored Cross-Site Scripting in MemberSubscription.vue
OpenObserve is an open-source observability platform. Starting in version 0.4.4 and prior to version 0.10.0, OpenObserve contains a cross-site scripting vulnerability in line 32 of `openobserve/web/src/views/MemberSubscription.vue`. Version 0.10.0 sanitizes incoming html.
CVSS 7.2
CVE-2022-32171 WRITEUP WRITEUP
Zinc 0.1.9-0.3.1 - Authenticated Stored Cross-Site Scripting via User ID Field
In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete user functionality. When an authenticated user deletes a user having a XSS payload in the user id field, the javascript payload will be executed and allow an attacker to access the user’s credentials.
CVE-2022-32172 WRITEUP WRITEUP
Zinc 0.1.9-0.3.1 - Authenticated Stored Cross-Site Scripting via Template Name Field
In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete template functionality. When an authenticated user deletes a template with a XSS payload in the name field, the Javascript payload will be executed and allow an attacker to access the user’s credentials.