Metrics
Affected Vendors & Products
Tue, 19 Nov 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Webkul
Webkul unopim |
|
CPEs | cpe:2.3:a:webkul:unopim:*:*:*:*:*:*:*:* | |
Vendors & Products |
Webkul
Webkul unopim |
Wed, 13 Nov 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Unopim
Unopim unopim |
|
CPEs | cpe:2.3:a:unopim:unopim:*:*:*:*:*:*:*:* | |
Vendors & Products |
Unopim
Unopim unopim |
|
Metrics |
ssvc
|
Wed, 13 Nov 2024 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
cvssV3_1
|
Wed, 13 Nov 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. A vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. An attacker can upload a malicious SVG file containing an embedded script. When the profile image is accessed, the embedded script executes, leading to the potential theft of session cookies. This vulnerability is fixed in 0.1.5. | |
Title | UnoPim Stored XSS : Cookie hijacking through Create User function | |
Weaknesses | CWE-616 CWE-692 |
|
References |
| |
Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-11-13T15:20:20.679Z
Updated: 2024-11-13T19:25:30.116Z
Reserved: 2024-11-06T19:00:26.397Z
Link: CVE-2024-52305
Updated: 2024-11-13T19:24:57.019Z
Status : Analyzed
Published: 2024-11-13T16:15:20.473
Modified: 2024-11-19T18:04:12.680
Link: CVE-2024-52305
No data.