Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There is a lack of validation in the filetype when uploading a SVG profile picture with a XSS payload on it. An authenticated attacker can exploit this vulnerability by uploading a malicious picture which will trigger the payload when the victim opens the file.
Metrics
Affected Vendors & Products
References
History
Mon, 07 Oct 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Taskcafe Project
Taskcafe Project taskcafe |
|
Weaknesses | CWE-79 | |
CPEs | cpe:2.3:a:taskcafe_project:taskcafe:*:*:*:*:*:*:*:* | |
Vendors & Products |
Taskcafe Project
Taskcafe Project taskcafe |
|
Metrics |
cvssV3_1
|
Fri, 04 Oct 2024 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There is a lack of validation in the filetype when uploading a SVG profile picture with a XSS payload on it. An authenticated attacker can exploit this vulnerability by uploading a malicious picture which will trigger the payload when the victim opens the file. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-10-04T00:00:00
Updated: 2024-10-04T22:16:58.497Z
Reserved: 2023-02-27T00:00:00
Link: CVE-2023-26771
Vulnrichment
Updated: 2024-10-04T21:59:44.241Z
NVD
Status : Awaiting Analysis
Published: 2024-10-04T19:15:15.967
Modified: 2024-10-07T19:36:20.177
Link: CVE-2023-26771
Redhat
No data.