Vulnerability CVE-2023-31285


Published: 2023-04-27

Description:
An XSS issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When users upload temporary files, certain file extensions are rejected, but .html and .htm are not among them, so a file containing an XSS payload can be uploaded. The resulting link can be sent to an administrator user.

See advisories in our WLB2 database:
Topic: Serenity / StartSharp Software File Upload / XSS / User Enumeration / Reusable Tokens (High)
Author: Fabian Densborn
Date: 30.05.2023

References:
https://github.com/serenity-is/Serenity/commit/11b9d267f840513d04b4f4d4876de7823a6e48d2

Copyright 2024, cxsecurity.com

 
