Vulnerability Details

- CVE: CVE-2023-4978
- Type: CWE-79: Cross-site Scripting (XSS) - DOM
- Severity: Critical (9)

Vulnerability Description

- Access the IPv4 search function.
- Enter the payload in the IPv4 field to perform the search.
- Press the search button and the payload will be executed.

Proof of Concept (PoC)

- Video PoC: Link

Impact

- XSS can cause a variety of problems for the end user that range in severity from an annoyance to complete account compromise. The most severe XSS attacks involve disclosure of the user's session cookie, allowing an attacker to hijack the user's session and take over the account. It can also be used to execute client-side scripts, etc.

Affected Version

- 23.8.0

Status

- Fixed

Discovery and Resolution Timeline

- Reported on Aug 20th, 2023.
- Validated by Tony Murray 2 years ago.
- Marked as fixed in 23.9.0 with commit .

Additional Comments

- Maintainer Tony Murray noted that the PoC video link is deleted and the Occurrences link is bogus.
- Trunggg02 mentioned the video PoC link is still accessible.
- Bounty awarded for disclosure and fix.
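
The report concerns a search field that should only ever hold an IPv4 address, so a strict allowlist on input combined with encoding on output closes this class of bug. The following is an added example, not the affected project's code or its actual fix; the function names, the markup, and the assumption that partial addresses such as `192.168.` are valid search terms are hypothetical.

```javascript
// Added example: hypothetical helpers, not taken from the affected project.

// Allowlist check: a full or partial dotted-quad and nothing else.
// Assumption: partial terms such as "192.168." are legitimate searches.
function isIpv4SearchTerm(term) {
  if (typeof term !== "string" || term.length === 0 || term.length > 15) {
    return false;
  }
  const parts = term.split(".");
  if (parts.length > 4) return false;
  return parts.every((part, i) => {
    // An empty octet is only allowed as a trailing one ("10.0.").
    if (part === "") return i > 0 && i === parts.length - 1;
    return /^\d{1,3}$/.test(part) && Number(part) <= 255;
  });
}

const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Encode the five characters that can break out of HTML text or a quoted
// attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Build the fragment that echoes the search term back to the page.
// Invalid input is rejected and never reflected; valid input is still
// encoded so the sink stays safe if the validator is loosened later.
// In browser code, assigning the term to element.textContent instead of
// innerHTML avoids building markup from user input at all.
function buildSearchEcho(term) {
  if (!isIpv4SearchTerm(term)) {
    return { ok: false, html: '<p class="error">Invalid IPv4 search term</p>' };
  }
  return { ok: true, html: `<p>Results for <code>${escapeHtml(term)}</code></p>` };
}

// Constructed sample inputs, not values from the report.
const samples = ["10.0.0.1", "192.168.", "999.1.1.1", '"><script>alert(1)</script>'];
for (const s of samples) {
  console.log(JSON.stringify(s), "=>", buildSearchEcho(s));
}
```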