Описание
URVE Smart Office is vulnerable to Stored XSS in report problem functionality. An attacker with a low-privileged account can upload an SVG file containing a malicious payload, which will be executed when a victim visits the URL of the uploaded resource. The resource is available to anyone without any form of authentication.
This issue was fixed in version 1.1.24.
EPSS
Процентиль: 43%
0.0021
Низкий
Дефекты
CWE-79
Связанные уязвимости
github
3 месяца назад
URVE Smart Office is vulnerable to Stored XSS in report problem functionality. An attacker with a low-privileged account can upload an SVG file containing a malicious payload, which will be executed when a victim visits the URL of the uploaded resource. The resource is available to anyone without any form of authentication. This issue was fixed in version 1.1.24.
EPSS
Процентиль: 43%
0.0021
Низкий
Дефекты
CWE-79