Cross-Site Scripting Vulnerability in CyberChef Software by GCHQ
CVE-2019-15532

6.1MEDIUM

Key Information:

Vendor

Gchq

Status
Cyberchef
Vendor
CVE Published:
26 August 2019

What is CVE-2019-15532?

CyberChef, a web-based tool for data manipulation, contains a vulnerability that allows for Cross-Site Scripting (XSS) in the TextEncodingBruteForce operation. This flaw can potentially enable attackers to execute malicious scripts in a user's browser, leading to unauthorized actions or data theft. Users are advised to upgrade to version 8.31.2 or later to mitigate this security risk.

References

https://github.com/gchq/CyberChef/issues/544
x_refsource_MISC
https://github.com/gchq/CyberChef/issues/539
x_refsource_MISC
https://github.com/gchq/CyberChef/commit/01f0625d6a177f9c...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.