CVE-2024-29833

Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned in the provided descriptions.

Description The image upload component is affected by an issue where it allows SVG files, and the regular expression used to remove script tags can be bypassed. This can be done by using a Cross Site Scripting payload that does not match the regular expression, such as including whitespace within the script tag. An attacker must target an authenticated user with permissions to access this feature. However, once the payload is uploaded, it becomes accessible to unauthenticated users as well.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.