Описание
Salvo is a Rust web backend framework. Prior to version 0.88.1, the function list_html generates a file view of a folder without sanitizing the files or folders names, this may potentially lead to XSS in cases where a website allow the access to public files using this feature and anyone can upload a file. This issue has been patched in version 0.88.1.
EPSS
Процентиль: 2%
0.00014
Низкий
8.8 High
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 8.8
github
12 дней назад
Salvo is vulnerable to stored XSS in the list_html function by uploading files with malicious names
EPSS
Процентиль: 2%
0.00014
Низкий
8.8 High
CVSS3
Дефекты
CWE-79