Toocheke Companion
A DOM-based Cross-Site Scripting (XSS) vulnerability exists in Toocheke Companion browser extension versions through 1.194, allowing authenticated attackers to inject malicious scripts that execute in the context of a user's web session. An attacker with login credentials can craft malicious input that bypasses input sanitization during web page generation, enabling session hijacking, credential theft, or malware distribution. While no active KEV exploitation or public proof-of-concept has been disclosed for this CVE, the CVSS 6.5 score reflects moderate severity due to the requirement for user interaction and authenticated access.