Unknown · Gotify Server · CVE-2022-46181
**Name of the Vulnerable Software and Affected Versions**
Gotify server versions prior to 2.2.2
**Description**
The Gotify server contains an issue that allows authenticated users to upload .html files, which can lead to the execution of client-side scripts if another user opens a link. This could potentially allow an attacker to take over the account of the user who clicked the link. The Gotify UI does not natively expose such malicious links, so an attacker would need to get the user to open the link outside of Gotify. The issue can be exploited through links such as `https://push.example.org/image/[alphanumeric string].html`.
**Recommendations**
For versions prior to 2.2.2, update to version 2.2.2 to resolve the issue.
As a temporary workaround, consider using a reverse proxy to block requests for non-image files under the `./image` directory.
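One way to implement that workaround at the reverse proxy, as an added nginx example that is not part of the advisory or the Gotify project: only requests for recognised image extensions under `/image/` are forwarded, and everything else under that path (including the `.html` uploads described above) is refused. It assumes Gotify listens on `127.0.0.1:8080`, that the allowed extension list below matches the image types you actually upload, and that `/stream` is the WebSocket endpoint.

```nginx
# Added example; not the Gotify project's own configuration.
# Assumes Gotify is reachable on 127.0.0.1:8080 behind this server block.
server {
    listen 443 ssl;
    server_name push.example.org;
    # ssl_certificate / ssl_certificate_key omitted for brevity

    # Allow-list: forward only files under /image/ whose extension is an image
    # type. Adjust the list to the formats your deployment actually uses.
    location ~* ^/image/[^/]+\.(png|jpe?g|gif|webp)$ {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        # Defence in depth: keep browsers from sniffing a response into HTML.
        add_header X-Content-Type-Options nosniff always;
    }

    # Anything else under /image/ (e.g. .html, .svg, .js) is refused.
    # nginx evaluates the regex location above before this prefix location,
    # so allowed image requests never reach this block.
    location /image/ {
        return 403;
    }

    # WebSocket stream used by the Gotify web UI (assumed endpoint).
    location /stream {
        proxy_pass http://127.0.0.1:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
    }

    # Everything else (UI, REST API) is proxied unchanged.
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
    }
}
```

Check it with `nginx -t` and then request `https://push.example.org/image/test.html`, which should return 403 while an existing `.png` under the same path still loads; the workaround does not remove already-uploaded files, so upgrading to 2.2.2 remains the actual fix.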