PT-2024-35443 · Unknown · Qiwen Netdisk

Somurim · Published 2024-05-23 · Updated 2024-06-04 · CVE-2024-5279

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Qiwen Netdisk versions up to 1.4.0

Description

A vulnerability was found in the File Rename Handler component that can be exploited for cross-site scripting. It can be triggered by supplying a malicious string as input, such as <img src="" onerror="alert(document.cookie)">. The attack can be carried out remotely.

Recommendations

Update Qiwen Netdisk to a version later than 1.4.0 to resolve the issue. As a temporary workaround, consider restricting the use of the File Rename Handler component to minimize the risk of exploitation, and avoid passing potentially malicious input to the affected component until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-5279

Affected Products

Qiwen Netdisk