CVE-2024-28434

Name of the Vulnerable Software and Affected Versions Twenty version 0.3.0

Description The CRM platform is vulnerable to stored cross-site scripting via file upload. A crafted svg file can trigger the execution of the javascript code.

Recommendations For version 0.3.0, consider disabling the file upload feature until a patch is available. Restrict access to uploaded files to minimize the risk of exploitation. Avoid using the file upload functionality with svg files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.