CVE-2017-10975

Name of the Vulnerable Software and Affected Versions Lutim versions prior to 0.8

Description A cross-site scripting (XSS) issue exists, potentially allowing remote attackers to inject arbitrary web script or HTML via a crafted filename. This occurs when the filename is mishandled in an upload notification and in the myfiles component, provided the attacker can convince the victim to proceed with an upload despite the appearance of an XSS payload in the filename.

Recommendations For versions prior to 0.8, update to version 0.8 or later to resolve the issue. As a temporary workaround, consider restricting the upload of files with potentially malicious filenames to minimize the risk of exploitation.