VYPR
Medium severity6.1NVD Advisory· Published Dec 27, 2018· Updated Jun 17, 2026

CVE-2018-20524

CVE-2018-20524

Description

The Chat Anywhere extension 2.4.0 for Chrome allows XSS via crafted use of < in a message, because a danmuWrapper DIV element in chatbox-only\danmu.js is outside the scope of a Content Security Policy (CSP).

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.