An issue exists in hledger prior to 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows a malicious user to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function.
Vulnerable Product |
---|
hledger hledger |