Описание
Cross site scripting in Cloudreve
Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to Stored Cross-Site Scripting (XSS), via the file upload functionality. A low privileged user will be able to share a file with an admin user, which could lead to privilege escalation.
Пакеты
Наименование
github.com/HFO4/cloudreve
go
Затронутые версииВерсия исправления
>= 1.0.0, <= 2.0.0
Отсутствует
Наименование
github.com/cloudreve/Cloudreve/v3
go
Затронутые версииВерсия исправления
>= 3.0.0, < 3.6.0-beta1
3.6.0-beta1
Связанные уязвимости
CVSS3: 5.4
nvd
больше 3 лет назад
Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to Stored Cross-Site Scripting (XSS), via the file upload functionality. A low privileged user will be able to share a file with an admin user, which could lead to privilege escalation.