PT-2023-31604 · Unknown · Cute Http File Server
Zhongdongxu
·
Published
2023-12-11
·
Updated
2023-12-22
·
CVE-2023-50639
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
CuteHttpFileServer versions 1.0 through 2.0
Description
A Cross Site Scripting (XSS) issue allows attackers to obtain sensitive information via the file upload function on the home page.
Recommendations
For CuteHttpFileServer versions 1.0 and 2.0, consider disabling the file upload function until a patch is available.
Restrict access to the home page to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cute Http File Server