Tamil Mathi

Rank: #17567 of 53,630
Total CVSS: 15.3
Vulnerabilities: 2 (Medium: 1, Critical: 1)

PT-2025-42641 · CVSS 6.2 · 2025-10-17 · Unknown · Thingsboard · CVE-2025-34281

**Name of the Vulnerable Software and Affected Versions** ThingsBoard versions prior to 4.2.1

**Description** The software contains a stored cross-site scripting (XSS) issue within the dashboard's Image Upload Gallery feature. An attacker can upload a Scalable Vector Graphics (SVG) file containing malicious JavaScript. This JavaScript may be executed when the file is rendered in the user interface. The issue is due to inadequate sanitization and improper content-type validation of uploaded SVG files.

**Recommendations** Update to version 4.2.1 or later.

PT-2025-42642 · CVSS 9.1 · 2025-10-17 · Unknown · Thingsboard · CVE-2025-34282

**Name of the Vulnerable Software and Affected Versions** ThingsBoard versions prior to 4.2.1

**Description** The software contains a server-side request forgery (SSRF) issue within the dashboard's Image Upload Gallery feature. An attacker can upload a malicious SVG file referencing a remote URL. If the server processes the SVG file and parses external references, it may initiate unintended outbound requests, potentially allowing access to internal services or resources. Server-Side Request Forgery (SSRF) is a web security issue that allows an attacker to make requests on behalf of a server.

**Recommendations** Update to version 4.2.1 or later.
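
Both entries come down to an SVG upload being accepted without inspecting its content. The following is an added example, not ThingsBoard code and not the 4.2.1 fix: an upload-time audit that rejects SVGs carrying active content (the XSS entry) or references to anything outside the document (the SSRF entry). The function name `audit_svg`, the tag and attribute lists, and the sample files are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}
URL_ATTRS = {"href", "src"}
CSS_URL = re.compile(r"url\(\s*['\"]?\s*([^'\")\s]+)", re.I)
# Declarations rejected before parsing: DTDs/entities and stylesheet PIs.
PROLOG = re.compile(rb"<!(DOCTYPE|ENTITY)|<\?xml-stylesheet", re.I)

def local(name):
    """Drop the '{namespace}' prefix ElementTree adds to tag/attribute names."""
    return name.rsplit("}", 1)[-1].lower()

def audit_svg(data):
    """Return a list of reasons to reject an uploaded SVG (empty list = accept)."""
    if PROLOG.search(data):
        return ["DOCTYPE/ENTITY or xml-stylesheet declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["not well-formed XML"]
    if local(root.tag) != "svg":
        return ["root element is not <svg>"]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.append(f"active element <{tag}>")
        if tag == "style" and "@import" in (el.text or "").lower():
            findings.append("@import in <style>")
        # Attribute values and <style> text can both carry url(...) references.
        values = [(local(k), v) for k, v in el.attrib.items()]
        if tag == "style":
            values.append(("style-text", el.text or ""))
        for attr, value in values:
            if attr.startswith("on"):
                findings.append(f"event handler {attr} on <{tag}>")
            refs = CSS_URL.findall(value) + ([value] if attr in URL_ATTRS else [])
            # Only same-document fragments (#id) are allowed as targets.
            if any(not r.strip().startswith("#") for r in refs):
                findings.append(f"external reference in {attr} on <{tag}>")
    return findings

# Constructed samples (not taken from the advisories).
SCRIPTED = b'<svg xmlns="http://www.w3.org/2000/svg"><script>/* placeholder */</script></svg>'
REMOTE = (b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
          b'<image xlink:href="http://placeholder.invalid/x.png"/></svg>')
CLEAN = (b'<svg xmlns="http://www.w3.org/2000/svg"><defs><linearGradient id="g"/></defs>'
         b'<rect fill="url(#g)" width="4" height="4"/></svg>')
```

The audit works on the file bytes rather than the declared content type, so it applies regardless of what MIME type the client sends with the upload.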