CVE-2024-25801

Опубликовано: 22 фев. 2024

Источник: nvd

CVSS3: 6.1

CVSS3: 4.6

EPSS Низкий

Описание

SKINsoft S-Museum 7.02.3 allows XSS via the filename of an uploaded file. Unlike in CVE-2024-25802, the attack payload is in the name (not the content) of a file.

Ссылки

https://shrouded-trowel-50c.notion.site/S-Museum-Version-7-02-3-Stored-Cross-Site-Scripting-69ca7b8805cc448ea12cb8f7ed571fa3?pvs=4
Broken Link
https://shrouded-trowel-50c.notion.site/S-Museum-Version-7-02-3-Stored-Cross-Site-Scripting-69ca7b8805cc448ea12cb8f7ed571fa3?pvs=4
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:skinsoft:s-museum:7.02.3:*:*:*:*:*:*:*

EPSS

Процентиль: 26%

0.00092

Низкий

6.1 Medium

CVSS3

4.6 Medium

CVSS3

Дефекты

CWE-79

CWE-434

Связанные уязвимости

GHSA-7r9f-99vw-hx7g

CVSS3: 6.1

github

почти 2 года назад

An arbitrary file upload vulnerability in the Add Media function of SKINsoft S-Museum v7.02.3 allows attackers to execute arbitrary code via a crafted PDF file.

EPSS

Процентиль: 26%

0.00092

Низкий

6.1 Medium

CVSS3

4.6 Medium

CVSS3

Дефекты

CWE-79

CWE-434