PT-2023-28287 · Lenosp · Lenosp

Kiki · Published 2023-09-14 · Updated 2023-09-19 · CVE-2023-42180

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
lenosp versions 1.0 through 1.2.0

Description
An arbitrary file upload vulnerability in the /user/upload component allows attackers to execute HTML code via a crafted JPG file.

Recommendations
For versions 1.0 through 1.2.0, consider disabling the /user/upload component until a patch is available. Restrict access to this component to minimize the risk of arbitrary file uploads, and avoid using it to upload files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
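
While the component stays disabled, files it has already stored can be checked for the condition described above: a .jpg that is not a JPEG, or that carries HTML markup. The script below is an added example, not code from Lenosp or from this advisory. The upload directory is passed in by the operator (the advisory does not say where uploads are stored), and the marker list is a heuristic assumption.

```python
import os
import re

JPEG_SOI = b"\xff\xd8\xff"          # every JPEG stream starts with these bytes
IMAGE_EXTS = (".jpg", ".jpeg")
# Heuristic (assumption): tags a browser acts on if the bytes are rendered as HTML.
HTML_MARKERS = re.compile(rb"<(?:!doctype|html|script|iframe|body|svg|img)\b", re.I)

def inspect_jpg(data: bytes) -> list:
    """Return the reasons a file named *.jpg should not be trusted as an image."""
    findings = []
    if not data.startswith(JPEG_SOI):
        findings.append("no-jpeg-signature")
    hit = HTML_MARKERS.search(data)
    if hit:
        findings.append("html-markup@%d" % hit.start())
    return findings

def audit_upload_dir(root: str) -> dict:
    """Map relative path -> findings for every suspicious .jpg/.jpeg under root."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(IMAGE_EXTS):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                findings = inspect_jpg(fh.read())
            if findings:
                report[os.path.relpath(path, root)] = findings
    return report

# Constructed samples for testing the checks (not taken from any real upload).
CLEAN_JPG = JPEG_SOI + b"\xe0\x00\x10JFIF\x00" + b"\x00" * 32 + b"\xff\xd9"
HTML_AS_JPG = b"<html><body>constructed sample</body></html>"
JPG_WITH_MARKUP = JPEG_SOI + b"\xfe\x00\x20<script>/* constructed */</script>" + b"\xff\xd9"

if __name__ == "__main__":
    import sys
    # Usage: python audit_uploads.py <upload directory chosen by the operator>
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, why in sorted(audit_upload_dir(target).items()):
        print(rel, ", ".join(why))
```

A file that passes both checks is not proven safe; the same two checks belong in the upload handler itself, so that anything failing them is rejected rather than stored.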

Exploit

Unrestricted File Upload

Weakness Enumeration

Related Identifiers: CVE-2023-42180

Affected Products: Lenosp