CVE-2022-40931

Name of the Vulnerable Software and Affected Versions Transfer.sh versions 1.4.0 and prior

Description The issue is related to Cross Site Scripting (XSS) and can be triggered via a malicious document uploaded in transfer.sh. There is no information about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations For Transfer.sh versions 1.4.0 and prior, consider restricting the upload of documents to trusted sources until an updated version is released. As a temporary workaround, consider implementing additional validation and sanitization for uploaded documents to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.