Mend Vulnerability Database
Date: June 22, 2022
Overview
habitica versions v4.119.0 through v4.232.2 are vulnerable to DOM XSS via the login page.
Details
habitica versions v4.119.0 through v4.232.2 are vulnerable to DOM XSS via the login page.
After successful login of a user, the XSS payload will get executed.
and login as a valid user.
After successful login, the XSS will be triggered.
Affected Environments
habitica versions v4.119.0-v4.232.2
Prevention
Upgrade to habitica version v4.233.0
Good to know:
|Attack Vector (AV):|Network|
|Attack Complexity (AC):|Low|
|Privileges Required (PR):|None|
|User Interaction (UI):|Required|