PT-2024-27728 · Openplc · Openplc

1D8

Published

2024-06-28

Updated

2024-07-03

CVE-2024-37741

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions OpenPLC versions 3 through 9cd8f1b

Description The issue allows for XSS via an SVG document when used as a profile picture.

Recommendations For versions 3 through 9cd8f1b, avoid using SVG documents as profile pictures until a fix is available. As a temporary workaround, consider restricting the upload of SVG files to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-37741

Affected Products

Openplc

PT-2024-27728 · Openplc · Openplc

CVE-2024-37741

Weakness Enumeration

Related Identifiers

Affected Products

References · 4