WRITEUP

WRITEUP

Exploit for CVE-2026-27469 - Isso <0afbfe0 - Stored XSS

AI Analysis

This patch addresses a stored XSS vulnerability in Isso comments by ensuring proper HTML escaping of the website and author fields. The fix involves using `escape(..., quote=True)` for the website field and `escape(..., quote=False)` for the author field across all write paths.

Attack Type

XSS

Complexity

trivial

Reliability

reliable

MITRE ATT&CK

T1059.007 - JavaScript

Loading exploit code...

Download ZIP Password: eip

Source

Platform Writeup

Type patch

Files 1

https://github.com/isso-comments/isso/commit/0afbfe0691ee237963e8fb0b2ee01c9e55ca2144

Authors

Jelmer Vernooĳ

Vulnerability

CVE-2026-27469

Isso <0afbfe0 - Stored XSS

MEDIUM

CVSS 6.1