Vulnerability Details
- CVE: CVE-2023-4978
- Type: CWE-79: Cross-site Scripting (XSS) - DOM
- Severity: Critical (9)

Vulnerability Description
- Access the IPv4 search function.
- Enter the payload in the IPv4 field to perform the search.
- Click the search button and the payload will be executed.

Proof of Concept (PoC)
- Video PoC: Link

Impact
- XSS can cause a variety of problems for the end user, ranging in severity from minor annoyance to complete account compromise. The most severe XSS attacks involve the disclosure of the user's session cookie, enabling an attacker to hijack the user's session and take over the account. Attackers can also execute client-side scripts, among other malicious actions.

Affected Version
- 23.8.0

Status
- Fixed

Discovery and Resolution Timeline
- Reported on August 20th, 2023.
- Validated by Tony Murray 2 years ago.
- Marked as fixed in version 23.9.0 with commit .

Additional Comments
- Maintainer Tony Murray noted that the PoC video link has been deleted and the Occurrences link is invalid.
- Trunggg02 mentioned that the video PoC link is still accessible.
- A bounty was awarded for the disclosure and fix.
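The root cause class here is a search value flowing from the IPv4 field into the page without validation or encoding. The following is an added defensive example, not code from the report or from the affected project, showing the two controls that close a sink of this kind: a strict syntactic check on the IPv4 field before the value is used, and HTML encoding of whatever is reflected back. Function names (isValidIPv4, escapeHtml, renderSearchResult, showResult) and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example (not the project's own code): defensive handling of an IPv4
// search field. Layer 1 rejects anything that is not a well-formed dotted
// quad; layer 2 HTML-encodes any text that is reflected into the page.

// Strict dotted-quad check: exactly four decimal octets, each 0-255, no
// leading zeros (so "01.2.3.4" is rejected) and nothing before or after.
const OCTET = "(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)";
const IPV4_RE = new RegExp(`^${OCTET}(\\.${OCTET}){3}$`);

function isValidIPv4(input) {
  return typeof input === "string" && IPV4_RE.test(input);
}

// Encode the five characters that change meaning in an HTML text or
// double/single-quoted attribute context.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Build the fragment shown after a search. The raw query never reaches the
// markup: an invalid value yields a fixed message with the query encoded, and
// a valid address is still encoded on the way out (defence in depth).
function renderSearchResult(query, results = []) {
  if (!isValidIPv4(query)) {
    return `<p class="error">Invalid IPv4 address: ${escapeHtml(query)}</p>`;
  }
  const items = results.map((r) => `<li>${escapeHtml(r)}</li>`).join("");
  return `<p>Results for ${escapeHtml(query)}</p><ul>${items}</ul>`;
}

// Sink side (browser only): only the pre-encoded fragment is assigned to the
// DOM; the user-controlled query is never concatenated into innerHTML raw.
function showResult(container, query, results) {
  container.innerHTML = renderSearchResult(query, results);
}
```

The validation step is the one that matters most for a search field: an IPv4 address has a tiny, well-defined grammar, so an allow-list check rejects every markup or script fragment outright, and the encoder only has to cover the error message that echoes the rejected input.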