Description
FormCms avatar upload feature has a stored cross-site scripting (XSS) vulnerability
FormCms v0.5.5 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload feature. Authenticated users can upload .html files containing malicious JavaScript, which are accessible via a public URL. When a privileged user accesses the file, the script executes in their browser context.
Packages
Name
FormCMS
nuget
Affected versions: < 0.5.7
Fixed version: 0.5.7
Related vulnerabilities
CVSS3: 6.1
nvd
5 months ago
FormCms v0.5.5 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload feature. Authenticated users can upload .html files containing malicious JavaScript, which are accessible via a public URL. When a privileged user accesses the file, the script executes in their browser context.