PT-2025-2027 · Unknown · Osuuu Lightpicture

Jiashenghe · Published 2025-01-05 · Updated 2025-01-10 · CVE-2024-13141

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions
osuuu LightPicture versions 1.2.2 and earlier

Description
A problematic vulnerability was found in osuuu LightPicture, affecting unknown code of the file "/api/upload" of the component SVG File Upload Handler. Manipulation of the argument file leads to cross-site scripting. The attack can be initiated remotely.

Recommendations
For versions 1.2.2 and earlier, as a temporary workaround, consider disabling the "/api/upload" endpoint until a patch is available. Restrict access to the SVG File Upload Handler component to minimize the risk of exploitation. Avoid using the argument file in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Code Injection

Weakness Enumeration

Related Identifiers: CVE-2024-13141

Affected Products: Osuuu Lightpicture