PT-2023-31604 · Unknown · Cute Http File Server

Zhongdongxu

Publicado

2023-12-11

Atualizado

2023-12-22

CVE-2023-50639

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions CuteHttpFileServer versions 1.0 through 2.0

Description A Cross Site Scripting (XSS) issue allows attackers to obtain sensitive information via the file upload function on the home page.

Recommendations For CuteHttpFileServer versions 1.0 and 2.0, consider disabling the file upload function until a patch is available. Restrict access to the home page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2023-50639

Produtos afetados

Cute Http File Server

PT-2023-31604 · Unknown · Cute Http File Server

CVE-2023-50639

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6