Описание
In Agora Foundation Agora fall23-Alpha1 before 690ce56, there is XSS via a profile picture to server/controller/userController.js. Formats other than PNG, JPEG, and WEBP are permitted by server/routes/userRoutes.js; this includes SVG.
Ссылки
EPSS
Процентиль: 9%
0.00033
Низкий
6.4 Medium
CVSS3
Дефекты
CWE-434
Связанные уязвимости
CVSS3: 6.4
github
6 месяцев назад
In Agora Foundation Agora fall23-Alpha1 before 690ce56, there is XSS via a profile picture to server/controller/userController.js. Formats other than PNG, JPEG, and WEBP are permitted by server/routes/userRoutes.js; this includes SVG.
EPSS
Процентиль: 9%
0.00033
Низкий
6.4 Medium
CVSS3
Дефекты
CWE-434