CVE-2022-43263 An XSS vulnerability in Arobas Music Guitar Pro before v1.10.2 allows attackers to execute arbitrary web scripts or HTML.

A cross-site request forgery (CSRF) vulnerability in Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to hijack the authentication of arbitrary users by exploiting a misconfigured site.

A cross-site scripting (XSS) vulnerability in Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to execute arbitrary JavaScript code in users’ browser sessions via a crafted string.

A cross-site request forgery (CSRF) vulnerability in Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to hijack the authentication of arbitrary users by exploiting a misconfigured site.

A cross-site scripting (XSS) vulnerability in Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to execute arbitrary JavaScript code in users’ browser sessions via a crafted string.

A cross-site request forgery (CSRF) vulnerability in Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to hijack the authentication of arbitrary users by exploiting a misconfigured site.

A cross-site scripting (XSS) vulnerability in Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to execute arbitrary JavaScript code in users’ browser sessions via a crafted string.

A cross-site request for

Parts of the vulnerable application

The application is vulnerable in three different parts:
1. CSRF vulnerability
2. XSS vulnerability
3. CSRF vulnerability

Operation Scenarios

1. An attacker wants to steal personal information from the victim
2. An attacker wants to access their account
3. An attacker wants to get into the social media account of the victim
4. An attacker has a way of getting into their email account
5. The attacker is able to install malware on their device

Timeline

Published on: 11/16/2022 15:15:00 UTC
Last modified on: 11/16/2022 19:41:00 UTC

References