FileCodeBox Stored Cross-Site Scripting Vulnerability
Vulnerability
A stored cross-site scripting vulnerability has been identified in FileCodeBox versions through 2.2. This issue arises from inadequate input validation in the text sharing feature, allowing attackers to inject arbitrary JavaScript into shared 'codeboxes'. The injected script is executed automatically in the browsers of users who access the compromised codebox via a link or share code.
Impact
Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user accessing the affected codebox.
Reproduction
To reproduce this vulnerability, create a text codebox in FileCodeBox version 2.2 or earlier. Inject JavaScript code into the codebox and share it. When a user accesses the codebox through the shared link or by entering the share code, the injected script will execute automatically in their browser.
Remediation
Users can update to FileCodeBox version 2.2 or later, where this vulnerability has been addressed.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.