Medium severity6.1NVD Advisory· Published Dec 27, 2018· Updated Jun 17, 2026
CVE-2018-20524
CVE-2018-20524
Description
The Chat Anywhere extension 2.4.0 for Chrome allows XSS via crafted use of < in a message, because a danmuWrapper DIV element in chatbox-only\danmu.js is outside the scope of a Content Security Policy (CSP).
Affected products
2- Range: = 2.4.0
Patches
Vulnerability mechanics
References
1- vul.su.ki/posts/Chat_Anywhere_2.4.0_XSS.md/nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.