UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting (XSS) in the Create User function. This allows attackers to perform XSS via an SVG document, which can be used to steal cookies.
Metrics
Affected Vendors & Products
References
History
Thu, 07 Nov 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting (XSS) in the Create User function. ¶¶ The vulnerability allows attackers to perform XSS in SVG file extension, which can be used to stealing cookies. | UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting (XSS) in the Create User function. This allows attackers to perform XSS via an SVG document, which can be used to steal cookies. |
Wed, 06 Nov 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Unopim
Unopim unopim |
|
Weaknesses | CWE-79 | |
CPEs | cpe:2.3:a:unopim:unopim:0.1.3:*:*:*:*:*:*:* | |
Vendors & Products |
Unopim
Unopim unopim |
|
Metrics |
cvssV3_1
|
Wed, 06 Nov 2024 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting (XSS) in the Create User function. ¶¶ The vulnerability allows attackers to perform XSS in SVG file extension, which can be used to stealing cookies. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-11-06T00:00:00
Updated: 2024-11-07T14:06:04.383094
Reserved: 2024-10-28T00:00:00
Link: CVE-2024-50637
Vulnrichment
Updated: 2024-11-06T20:00:52.147Z
NVD
Status : Awaiting Analysis
Published: 2024-11-06T17:15:20.680
Modified: 2024-11-07T14:15:16.780
Link: CVE-2024-50637
Redhat
No data.