VYPR
Unrated severityNVD Advisory· Published Dec 27, 2018· Updated Sep 17, 2024

CVE-2018-20524

CVE-2018-20524

Description

The Chat Anywhere extension 2.4.0 for Chrome allows XSS via crafted use of < in a message, because a danmuWrapper DIV element in chatbox-only\danmu.js is outside the scope of a Content Security Policy (CSP).

Affected products

1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.