mirror of
https://github.com/0xMarcio/cve.git
synced 2025-06-19 17:30:12 +00:00
1014 B
1014 B
CVE-2024-29882
&color=brighgreen)
Description
SRS is a simple, high-efficiency, real-time video server. SRS's /api/v1/vhosts/vid-<id>?callback=<payload> endpoint didn't filter the callback function name which led to injecting malicious javascript payloads and executing XSS ( Cross-Site Scripting). This vulnerability is fixed in 5.0.210 and 6.0.121.
POC
Reference
- https://github.com/ossrs/srs/security/advisories/GHSA-gv9r-qcjc-5hj7
- https://github.com/ossrs/srs/security/advisories/GHSA-gv9r-qcjc-5hj7