Freeter Persistent Cross-Site Scripting Vulnerability
Vulnerability
A persistent cross-site scripting vulnerability has been identified in Freeter version 1.2.1. This vulnerability allows attackers to store malicious scripts in custom widget titles and files. When victims interact with the application, these scripts are executed, potentially leading to remote code execution.
Impact
Exploitation of this vulnerability allows for persistent cross-site scripting, with the executed payloads having the potential to enable remote code execution on the affected system.
Reproduction
To reproduce this vulnerability, create a custom widget title or file that includes a malicious script payload. Once the payload is saved, it executes when a user interacts with the application, for example through mouse movements or clicks. Additionally, sending a victim a malicious file containing a script payload can trigger the execution chain, leading to remote code execution when the file is opened.
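The flaw class described above, shown from the defender's side as an added example that is not Freeter's code: a stored widget title concatenated into markup as-is, the same title encoded at output time, and an audit helper that flags stored titles containing markup. The record shape (`id`, `title`), the function names and the sample data are assumptions constructed for illustration.

```javascript
// Added example. Widget records and field names are hypothetical,
// not Freeter's actual storage format.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode text for use in HTML element content or a quoted attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored title reaches the markup unmodified,
// so any tags or event-handler attributes in it become live.
function renderTitleUnsafe(widget) {
  return '<div class="widget-title">' + widget.title + '</div>';
}

// Hardened pattern: the stored title is encoded when it is rendered.
function renderTitleSafe(widget) {
  return '<div class="widget-title">' + escapeHtml(widget.title) + '</div>';
}

// Audit helper: return ids of stored widgets whose title contains
// tag-like markup or an on*= event-handler attribute.
function findSuspiciousTitles(widgets) {
  const tagLike = /<\s*\/?\s*[a-zA-Z][^>]*>/;
  const handler = /\bon[a-z]+\s*=/i;
  return widgets
    .filter((w) => tagLike.test(w.title) || handler.test(w.title))
    .map((w) => w.id);
}

// Constructed sample data: one plain title, one carrying markup with a
// mouse-event handler, one with harmless special characters.
const sampleWidgets = [
  { id: 'w1', title: 'Project notes' },
  { id: 'w2', title: '<b onmouseover="alert(1)">Notes</b>' },
  { id: 'w3', title: 'Q3 < Q4 & "targets"' },
];

console.log(findSuspiciousTitles(sampleWidgets));
console.log(renderTitleSafe(sampleWidgets[1]));
```

Encoding at output time keeps legitimate titles such as `w3` intact while neutralising markup; the audit helper is only a triage aid for already-stored data and does not replace the encoding.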
