Stored Cross-site Scripting in Hashtopussy by s3inlc
CVE-2017-11682
6.1MEDIUM
What is CVE-2017-11682?
A vulnerability in Hashtopussy version 0.4.0 allows remote attackers to exploit stored cross-site scripting by injecting arbitrary web scripts or HTML. This can occur through the parameters 'version', 'url', or 'rootdir' in the hashcat.php file, potentially leading to unauthorized actions and data exposure on affected systems. It is critical for users to validate all user inputs and employ proper security measures to mitigate this risk.
