CVE-2024-44794

Name of the Vulnerable Software and Affected Versions PicUploader version fcf82ea

Description A cross-site scripting (XSS) issue exists in the /master/auth/OnedriveRedirect.php component, allowing attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error description parameter.

Recommendations For PicUploader version fcf82ea, consider restricting access to the /master/auth/OnedriveRedirect.php component until a patch is available. As a temporary workaround, avoid using the error description parameter in the affected API endpoint until the issue is resolved.