A stored cross-site scripting (XSS) vulnerability exists in the 'Upload Knowledge' feature of stangirard/quivr, affecting the latest version. Users can upload files via URL, which allows the insertion of malicious JavaScript payloads. These payloads are stored on the server and executed whenever any user clicks on a link containing the payload, leading to potential data theft, session hijacking, and reputation damage.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-07-07T15:22:38.743Z

Updated: 2024-08-01T21:33:05.163Z

Reserved: 2024-06-20T20:29:12.955Z

Link: CVE-2024-6229

cve-icon Vulnrichment

Updated: 2024-08-01T21:33:05.163Z

cve-icon NVD

Status : Modified

Published: 2024-07-07T16:15:02.013

Modified: 2024-11-21T09:49:14.513

Link: CVE-2024-6229

cve-icon Redhat

No data.