Published: 06 Nov 2024
Source: github
GitHub: Reviewed
CVSS4: 5.3
CVSS3: 6.1
Description
UnoPim Cross-site Scripting vulnerability
UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting (XSS) in the Create User function.
The vulnerability allows attackers to perform XSS through a file with the SVG extension, which can be used to steal cookies.
Packages
Name: unopim/unopim (composer)
Affected versions: < 0.1.4
Fixed version: 0.1.4
Related vulnerabilities
CVSS3: 5.4
nvd
more than 1 year ago
UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting (XSS) in the Create User function. This allows attackers to perform XSS via an SVG document, which can be used to steal cookies.