Blinger.io v.1.0.2519 is vulnerable to Blind/Persistent XSS. An attacker can send arbitrary JavaScript code via a built-in communication channel, such as Telegram, WhatsApp, Viber, Skype, Facebook, Vkontakte, or Odnoklassniki. This is mishandled within the administration panel for conversations/all, conversations/inbox, conversations/unassigned, and conversations/closed.
References
Link | Resource |
---|---|
https://blinger.io/ | Vendor Advisory |
https://github.com/Security-AVS/CVE-2019-13633 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-10-19T19:17:28
Updated: 2020-10-19T19:17:28
Reserved: 2019-07-17T00:00:00
Link: CVE-2019-13633
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-10-19T20:15:12.587
Modified: 2020-10-28T16:43:31.963
Link: CVE-2019-13633
JSON object: View
Redhat Information
No data.
CWE