Описание
InnoShop V.0.3.8 and below is vulnerable to Cross Site Scripting (XSS) via SVG file upload.
InnoShop V.0.3.8 and below is vulnerable to Cross Site Scripting (XSS) via SVG file upload.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2024-57277
- https://github.com/innocommerce/innoshop/issues/115
- https://github.com/innocommerce/innoshop/commit/7ccc90d2b549e14460efc4f758b01adbd080e7ff
- https://github.com/yamerooo123/ResearchNBugBountyEncyclopedia/blob/main/Researches/Innocommerce/Findings.md
- https://youtu.be/ved96wsIYlQ
Связанные уязвимости
CVSS3: 5.7
nvd
около 1 года назад
InnoShop V.0.3.8 and below is vulnerable to Cross Site Scripting (XSS) via SVG file upload.