Duckbreast

Name of the Vulnerable Software and Affected Versions QuickDrop versions prior to 1.5.3 Description QuickDrop, a file sharing application, contains a stored cross-site scripting (XSS) issue in the file preview functionality. The application allows the upload of SVG files via the `/api/file/upload-chunk` endpoint. An attacker can upload a crafted SVG file containing a JavaScript payload. When a user views the file preview, the script executes within the application's domain. Recommendations Update to version 1.5.3 or later.