4.3 MEDIUM
- CVSS version: 3.1
- Attack vector (AV):
- Attack complexity (AC):
- Privileges required (PR):
- User interaction (UI):
- Scope (S):
- Confidentiality impact (C):
- Integrity impact (I):
- Availability impact (A):
LockerProject Locker Error Response registry.js authIsAwesome cross site scripting
A security flaw has been discovered in LockerProject Locker 0.0.0/0.0.1/0.1.0. It affects the function authIsAwesome in the file source-code/Locker-master/Ops/registry.js of the component Error Response Handler. Manipulating the argument ID results in cross-site scripting. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
References
- VDB-350383 | LockerProject Locker Error Response registry.js authIsAwesome cross site scripting vdb-entry technical-description
- VDB-350383 | CTI Indicators (IOB, IOC, TTP, IOA) signature permissions-required
- Submit #767231 | LockerProject Locker <=0.1.0 Reflected XSS third-party-advisory
- https://github.com/LockerProject/Locker/issues/963 issue-tracking
- https://github.com/LockerProject/Locker/issues/963#issue-3988004027 issue-tracking exploit
- https://github.com/LockerProject/Locker/ product
Affected products
- ==0.0.0
- ==0.1.0
- ==0.0.1
Matching in nixpkgs
pkgs.dislocker
Read BitLocker encrypted partitions in Linux
- nixos-unstable 0.7.3-unstable-2025-09-07
- nixpkgs-unstable 0.7.3-unstable-2025-09-07
- nixos-unstable-small 0.7.3-unstable-2025-09-07
- nixos-25.11 0.7.3-unstable-2025-09-07
- nixos-25.11-small 0.7.3-unstable-2025-09-07
- nixpkgs-25.11-darwin 0.7.3-unstable-2025-09-07
pkgs.tuxclocker
Qt overclocking tool for GNU/Linux
pkgs.lightlocker
Simple session-locker for LightDM
pkgs.tuxclocker-plugins
Qt overclocking tool for GNU/Linux
pkgs.gnomeExtensions.blocker
Block content (ads, trackers, malware, etc) across your computer. You need to install hBlock on your computer to use this extension. Follow the instructions in this link: https://github.com/pesader/gnome-shell-extension-blocker/wiki/Installing-hBlock.
pkgs.libsForQt5.kscreenlocker
None
pkgs.tuxclocker-nvidia-plugin
Qt overclocking tool for GNU/Linux
pkgs.kdePackages.kscreenlocker
Library and components for secure lock screen architecture
pkgs.tuxclocker-without-unfree
Qt overclocking tool for GNU/Linux
pkgs.plasma5Packages.kscreenlocker
None
pkgs.python312Packages.portalocker
Library to provide an easy API to file locking
pkgs.python313Packages.portalocker
Library to provide an easy API to file locking
pkgs.python314Packages.portalocker
Library to provide an easy API to file locking
Package maintainers
- @elitak Eric Litak <elitak@gmail.com>
- @honnip Jung seungwoo <me@honnip.page>
- @nyanloutre Paul Trehiou <paul@nyanlout.re>
- @SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
- @K900 Ilya K. <me@0upti.me>
- @peterhoeg Peter Hoeg <peter@hoeg.com>
- @LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
- @ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
- @bkchr Bastian Köcher <nixos@kchr.de>
- @FRidh Frederik Rietdijk <fridh@fridh.nl>
- @SCOTT-HAMILTON Scott Hamilton <sgn.hamilton@protonmail.com>
- @mjm Matt Moriarity <matt@mattmoriarity.com>
- @ttuegel Thomas Tuegel <ttuegel@mailbox.org>
- @NickCao Nick Cao <nickcao@nichi.co>
- @obadz obadz <obadz-nixos@obadz.com>
- @davidak David Kleuker <post@davidak.de>
- @bobby285271 Bobby Rong <rjl931189261@126.com>
- @Lurkki14 Jussi Kuokkanen <jussi.kuokkanen@protonmail.com>