mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
922 B
922 B
CVE-2023-26146
&color=brighgreen)
Description
All versions of the package ithewei/libhv are vulnerable to Cross-site Scripting (XSS) such that when a file with a name containing a malicious payload is served by the application, the filename is displayed without proper sanitization when it is rendered.
POC
Reference
- https://gist.github.com/dellalibera/c53448135480cbe12257c4b413a90d20
- https://security.snyk.io/vuln/SNYK-UNMANAGED-ITHEWEILIBHV-5730766