Количество 2
Количество 2
CVE-2025-70849
Arbitrary File Upload in podinfo thru 6.9.0 allows unauthenticated attackers to upload arbitrary files via crafted POST request to the /store endpoint. The application renders uploaded content without a restrictive Content-Security-Policy (CSP) or adequate Content-Type validation, leading to Stored Cross-Site Scripting (XSS).
GHSA-mw8w-q3f7-2v85
Podinfo affected by Arbitrary File Upload that leads to Stored Cross-Site Scripting (XSS)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-70849 Arbitrary File Upload in podinfo thru 6.9.0 allows unauthenticated attackers to upload arbitrary files via crafted POST request to the /store endpoint. The application renders uploaded content without a restrictive Content-Security-Policy (CSP) or adequate Content-Type validation, leading to Stored Cross-Site Scripting (XSS). | CVSS3: 6.1 | 0% Низкий | 5 дней назад |
| GHSA-mw8w-q3f7-2v85 Podinfo affected by Arbitrary File Upload that leads to Stored Cross-Site Scripting (XSS) | CVSS3: 6.1 | 0% Низкий | 5 дней назад |
Уязвимостей на страницу