PT-2025-21570 · Dumb Drop · Dumb Drop
4Rdr · Published 2025-05-15 · Updated 2025-05-15 · CVE-2025-47929
CVSS v4.0: 5.3 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Name of the Vulnerable Software and Affected Versions:
DumbDrop versions prior to commit db27b25372eb9071e63583d8faed2111a2b79f1b
Description:
The upload functionality contains a DOM-based cross-site scripting (XSS) vulnerability. A user could be tricked into uploading a file with a malicious payload.
Recommendations:
Update to a version that includes the fix commit db27b25372eb9071e63583d8faed2111a2b79f1b. As a temporary workaround, consider restricting the upload functionality to minimize the risk of exploitation.
Exploit
Fix
XSS
Affected Products
Dumb Drop