CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 3CVE-2023-30095
https://notcve.org/view.php?id=CVE-2023-30095
A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the channel description field. • https://github.com/totaljs/messenger/issues/11 https://www.edoardoottavianelli.it/CVE-2023-30095 https://www.youtube.com/watch?v=2k7e9E0Cw0Y • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 3CVE-2023-30096
https://notcve.org/view.php?id=CVE-2023-30096
A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user information field. • https://github.com/totaljs/messenger/issues/10 https://www.edoardoottavianelli.it/CVE-2023-30096 https://www.youtube.com/watch?v=ZA7R001kE2w • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 3CVE-2023-30097
https://notcve.org/view.php?id=CVE-2023-30097
A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the private task field. • https://github.com/totaljs/messenger/issues/9 https://www.edoardoottavianelli.it/CVE-2023-30097 https://www.youtube.com/watch?v=VAlbkvOm_DU • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •