An issue was discovered in the Cross Reference Add-on 36 for Google Docs. Stored XSS in the preview boxes in the configuration panel may allow a malicious user to use both label text and references text to inject arbitrary JavaScript code (via SCRIPT elements, event handlers, etc.). Since this code is stored by the plugin, the attacker may be able to target anyone who opens the configuration panel of the plugin.
References
Link | Resource |
---|---|
https://github.com/davidrthorn/cross_reference/issues/32 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-01-31T08:00:00
Updated: 2019-01-31T08:57:01
Reserved: 2019-01-31T00:00:00
Link: CVE-2019-7250
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-01-31T09:29:00.673
Modified: 2019-02-01T01:00:52.877
Link: CVE-2019-7250
JSON object: View
Redhat Information
No data.
CWE