Описание
MoonShine Arbitrary File Upload Vulnerability
An arbitrary file upload vulnerability in MoonShine v3.12.4 allows attackers to execute arbitrary code via uploading a crafted SVG file.
Пакеты
Наименование
moonshine/moonshine
composer
Затронутые версииВерсия исправления
< 3.12.5
3.12.5
Связанные уязвимости
CVSS3: 5.4
nvd
6 месяцев назад
A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version < 3.12.5, allowing remote attackers to upload a malicious SVG file when creating/updating an Article and correctly execute arbitrary JavaScript when the file link is opened.