PT-2022-25873 · Unknown · Picuploader
Enferaso · Published 2022-10-07 · Updated 2022-10-11 · CVE-2022-41442
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
PicUploader version 2.6.3
Description
A cross-site scripting (XSS) issue was found in the setStorageParams function within SettingController.php.
Recommendations
For PicUploader version 2.6.3, update the SettingController.php file to fix the setStorageParams function, ensuring proper input validation and sanitization to prevent XSS attacks.
XSS
Affected Products
Picuploader