Vulnerability CVE-2023-31285


Published: 2023-04-27

Description:
An XSS issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When users upload temporary files, some specific file endings are not allowed, but it is possible to upload .html or .htm files containing an XSS payload. The resulting link can be sent to an administrator user.

In our database, we found the following notes for this CVE:
Title: Serenity / StartSharp Software File Upload / XSS / User Enumeration / Reusable Tokens (High)
Author: Fabian Densborn
Date: 30.05.2023

References:
https://github.com/serenity-is/Serenity/commit/11b9d267f840513d04b4f4d4876de7823a6e48d2

Copyright 2024, cxsecurity.com

 
