Количество 2
Количество 2
CVE-2026-22257
Salvo is a Rust web backend framework. Prior to version 0.88.1, the function list_html generates a file view of a folder without sanitizing the files or folders names, this may potentially lead to XSS in cases where a website allow the access to public files using this feature and anyone can upload a file. This issue has been patched in version 0.88.1.
GHSA-54m3-5fxr-2f3j
Salvo is vulnerable to stored XSS in the list_html function by uploading files with malicious names
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-22257 Salvo is a Rust web backend framework. Prior to version 0.88.1, the function list_html generates a file view of a folder without sanitizing the files or folders names, this may potentially lead to XSS in cases where a website allow the access to public files using this feature and anyone can upload a file. This issue has been patched in version 0.88.1. | CVSS3: 8.8 | 0% Низкий | 12 дней назад |
| GHSA-54m3-5fxr-2f3j Salvo is vulnerable to stored XSS in the list_html function by uploading files with malicious names | CVSS3: 8.8 | 0% Низкий | 12 дней назад |
Уязвимостей на страницу