exploitDog

GHSA-jpw8-pqwm-4xc5

Опубликовано: 02 дек. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 4.8

Описание

A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to takeover any account via uploading an HTML file on behalf of the admin user using IDOR in file upload.

A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to takeover any account via uploading an HTML file on behalf of the admin user using IDOR in file upload.

Ссылки

EPSS

Процентиль: 88%

0.03899

Низкий

4.8 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2024-53617

CVSS3: 4.8

nvd

около 1 года назад

A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to takeover any account via uploading an HTML file on behalf of the admin user using IDOR in file upload.

EPSS

Процентиль: 88%

0.03899

Низкий

4.8 Medium

CVSS3

CVE ID

Дефекты

CWE-79