PT-2026-2187 · Salvo · Salvo

Ahmedmokhtari +2 · Published 2026-01-08 · Updated 2026-03-05 · CVE-2026-22257

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions
Salvo versions prior to 0.88.1

Description
Salvo is a Rust web backend framework. The list html function generates a file view of a folder without sanitizing file or folder names. This can lead to Cross-Site Scripting (XSS) if a website allows access to public files and anyone can upload files. The issue is exploitable through file uploads with malicious names.

Recommendations
Versions prior to 0.88.1 should be updated to version 0.88.1 or later.

Exploit

Fix

XSS

Weakness Enumeration

Related identifiers

CVE-2026-22257
GHSA-54M3-5FXR-2F3J

Affected products

Salvo