exploitDog

GHSA-x7hp-f23m-66mj

Опубликовано: 25 мар. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 7.6

Описание

The CRM platform Twenty is vulnerable to stored cross site scripting via file upload in version 0.3.0. A crafted svg file can trigger the execution of the javascript code.

The CRM platform Twenty is vulnerable to stored cross site scripting via file upload in version 0.3.0. A crafted svg file can trigger the execution of the javascript code.

Ссылки

EPSS

Процентиль: 32%

0.00123

Низкий

7.6 High

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2024-28434

CVSS3: 7.6

nvd

почти 2 года назад

The CRM platform Twenty is vulnerable to stored cross site scripting via file upload in version 0.3.0. A crafted svg file can trigger the execution of the javascript code.

EPSS

Процентиль: 32%

0.00123

Низкий

7.6 High

CVSS3

CVE ID

Дефекты

CWE-79