MEDIUM
Hashover Project
CVE published 2017-03-02
CVE-2017-6395
CVE-2017-6395 is a cross-site scripting flaw in HashOver 2.0 caused by insufficient filtration of user-supplied data passed to hashover/scripts/widget-output.php. An attacker can cause a victim’s browser to execute arbitrary HTML and script in the context of the vulnerable website.