CVE-2023-46448

Name of the Vulnerable Software and Affected Versions dmpop Mejiro versions prior to 3096393

Description The issue is a Reflected Cross-Site Scripting (XSS) vulnerability that allows attackers to run arbitrary code via a crafted string in the metadata of uploaded images. This can be exploited by attackers to execute malicious scripts.

Recommendations For versions prior to 3096393, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting the upload of images or limiting access to the image upload feature until a patch is available. Avoid using the vulnerable image upload functionality until the issue is resolved.