Browsershot 3.57.3 - Server Side XSS to LFR via HTML
|Name||Browsershot 3.57.3 - Server Side XSS to LFR via HTML|
|Affected versions||Version 3.57.3|
|Kind||Server Side XSS|
|Rule||425. Server Side XSS|
|CVSSv3 Base Score||7.5|
Browsershot version 3.57.3 allows an external attacker to remotely
obtain arbitrary local files. This is possible because the application
does not validate that the JS content imported from an external source
passed to the
Browsershot::html method does not contain URLs that use
This vulnerability occurs because the application does not validate that
the JS content imported from an external source passed to the
Browsershot::html method does not contain URLs that use the
Evidence of exploitation
Our security policy
We have reserved the CVE-2022-43984 to refer to these issues from now on.
Version: Browsershot 3.57.3
Operating System: GNU/Linux
An updated version of Browsershot is available at the vendor page.
The vulnerability was discovered by Carlos Bello from Fluid Attacks' Offensive Team.
Vendor page https://github.com/spatie/browsershot
Vendor replied acknowledging the report.
Vendor Confirmed the vulnerability.