PT-2024-29369 · Bjyadmin · Bjyadmin

Published 2024-08-29 · Updated 2024-09-04 · CVE-2024-41350

CVSS v3.1: 6.1 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

bjyadmin version a560fd5

Description

The issue is a Cross-Site Scripting (XSS) vulnerability in bjyadmin commit a560fd5. It originates in the imageUp.php file located in the Public/statics/umeditor1_2_3/php directory.

Recommendations

For version a560fd5, consider disabling access to the imageUp.php file until a patch is available. Restrict access to the Public/statics/umeditor1_2_3/php directory to minimize the risk of exploitation. Avoid using the imageUp.php file in the affected API endpoint until the issue is resolved.
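To confirm that the recommended restriction is actually in effect, the web server's access log can be checked for requests that still reach imageUp.php. The script below is an added example, not part of the advisory or of bjyadmin; it assumes the server writes Combined Log Format, matches the editor directory name loosely, and runs on constructed sample lines.

```python
import posixpath
import re
from urllib.parse import unquote

# Combined Log Format (assumed): ip - user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# File named in the advisory; the umeditor directory name is matched loosely.
TARGET_RE = re.compile(r'/statics/umeditor[^/]*/php/imageup\.php(/|$)', re.I)
# Statuses that mean the server refused the request or the file is gone.
BLOCKED = {401, 403, 404}

def normalize(target):
    """Strip the query, undo single/double percent-encoding, resolve ./ and // segments."""
    path = target.split('?', 1)[0].split('#', 1)[0]
    for _ in range(2):
        path = unquote(path)
    return posixpath.normpath(path.replace('\\', '/'))

def audit(lines):
    """Return (reachable, blocked): lists of (ip, time, method, status) for imageUp.php hits."""
    reachable, blocked = [], []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        ip, ts, method, target, status = m.groups()
        if not TARGET_RE.search(normalize(target)):
            continue
        hit = (ip, ts, method, int(status))
        # Any other status means the request got past the restriction.
        (blocked if hit[3] in BLOCKED else reachable).append(hit)
    return reachable, blocked

# Constructed sample log lines (documentation-range addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Sep/2024:10:00:01 +0000] "GET /Public/statics/umeditor1_2_3/php/imageUp.php?t=1 HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [04/Sep/2024:10:05:12 +0000] "POST /Public/statics/umeditor1_2_3/php/imageUp.php HTTP/1.1" 403 199 "-" "-"',
    '192.0.2.10 - - [04/Sep/2024:10:06:40 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "-"',
    '203.0.113.5 - - [04/Sep/2024:10:07:03 +0000] "GET /Public/statics/umeditor1_2_3/php/./%69mageUp.php HTTP/1.1" 200 512 "-" "-"',
]

if __name__ == "__main__":
    reachable, blocked = audit(SAMPLE_LOG)
    for hit in reachable:
        print("STILL REACHABLE:", hit)
    print(f"{len(blocked)} request(s) correctly refused")
```

Entries reported as still reachable after the restriction has been deployed indicate that the rule does not cover every path form the server accepts.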

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-41350

Affected Products

Bjyadmin