PT-2026-24814 · Git+1 · Plunk

Ormzro

·

Publicado

2026-03-11

·

Atualizado

2026-03-11

·

CVE-2026-32095

CVSS v3.1

5.4

Média

VetorAV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Plunk versions prior to 0.7.1
Description Plunk is an email platform built on AWS SES. The image upload endpoint, ''/upload'', accepted SVG files. Browsers process SVG files as active documents, allowing embedded JavaScript to execute. This creates a stored cross-site scripting (XSS) issue. The upload function processes the uploaded files.
Recommendations Update to version 0.7.1 or later.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2026-32095
GHSA-69JG-7493-CX5X

Produtos afetados

Plunk