Hamzaoui Mohamed

**Name of the Vulnerable Software and Affected Versions** toeverything AFFiNE versions prior to 0.24.1 **Description** A security issue exists in toeverything AFFiNE up to version 0.24.1 related to the Avatar Upload Image Endpoint. This can be exploited to perform cross site scripting. The attack can be launched remotely. The exploit is publicly available. The vendor was contacted but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.