{ "id": "CVE-2023-6551", "sourceIdentifier": "cvd@cert.pl", "published": "2024-01-04T16:15:09.380", "lastModified": "2024-01-04T18:46:53.270", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "As a simple library, class.upload.php does not perform an in-depth check on uploaded files, which allows a stored XSS vulnerability when the default configuration is used.\n\nDevelopers must be aware of this and use extension whitelisting, combined with configuring the server to always set the Content-Type based on the file extension.\n\nThe README has been updated to include these guidelines." } ], "metrics": {}, "weaknesses": [ { "source": "cvd@cert.pl", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-20" } ] } ], "references": [ { "url": "https://cert.pl/en/posts/2024/01/CVE-2023-6551", "source": "cvd@cert.pl" }, { "url": "https://cert.pl/posts/2024/01/CVE-2023-6551", "source": "cvd@cert.pl" } ] }