PT-2019-10233 · Tecrail · Tecrail Responsive Filemanager
Farisv
·
Publicado
2019-02-25
·
Atualizado
2019-02-25
·
CVE-2018-20791
CVSS v3.1
6.1
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
tecrail Responsive FileManager version 9.13.4
Description:
The issue arises from the mishandling of the media preview action, allowing for a cross-site scripting (XSS) attack when a media file is uploaded with an XSS payload in its name.
Recommendations:
For version 9.13.4, update to a newer version that addresses this issue, as the current version allows for XSS attacks via media file uploads with malicious payloads in the file names.
Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Tecrail Responsive Filemanager