Blind-Intruder

**Name of the Vulnerable Software and Affected Versions** Transfer.sh versions 1.4.0 and prior **Description** The issue is related to Cross Site Scripting (XSS) and can be triggered via a malicious document uploaded in transfer.sh. There is no information about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For Transfer.sh versions 1.4.0 and prior, consider restricting the upload of documents to trusted sources until an updated version is released. As a temporary workaround, consider implementing additional validation and sanitization for uploaded documents to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.