Description
Slink v1.4.9 allows stored cross-site scripting (XSS) via crafted SVG uploads. When a user views the shared image in a new browser tab, the embedded JavaScript executes. The issue affects both authenticated and unauthenticated users.
References
- Exploit, Third Party Advisory
- Broken Link
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:slinkapp:slink:1.4.9:*:*:*:*:*:*:*
cpe:2.3:a:slinkapp:slink:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:slinkapp:slink:1.6.3:*:*:*:*:*:*:*
EPSS: 0.00076 (Low)
Percentile: 23%
CVSS3: 6.1 Medium
Weaknesses
CWE-79
Related vulnerabilities
CVSS3: 6.1
github
5 months ago
Slink v1.4.9 allows stored cross-site scripting (XSS) via crafted SVG uploads. When a user views the shared image in a new browser tab, the embedded JavaScript executes. The issue affects both authenticated and unauthenticated users.