PT-2025-3425 · Innoshop · Innoshop

Ilovepepperoni · Published 2025-01-24 · Updated 2026-01-26 · CVE-2024-57277

CVSS v3.1: 5.7 Medium
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions
InnoShop versions 0.3.8 and below

Description
The issue is Cross-Site Scripting (XSS) via SVG file upload. An attacker could inject malicious scripts into the system by uploading specially crafted SVG files, leading to the execution of unauthorized code on the client side.

Recommendations
For InnoShop versions 0.3.8 and below, consider disabling SVG file uploads until a patch is available to prevent potential Cross-Site Scripting (XSS) attacks. Restrict access to the file upload feature to minimize the risk of exploitation.
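
One way to apply the "disable SVG uploads" recommendation at an upload gate, shown as an added example and not InnoShop code. The function name, sample data and 4096-byte sniff window are assumptions; the check looks at file content as well as extension and declared type, so a renamed or gzip-compressed SVG is also refused.

```python
import re
import zlib

SVG_EXTENSIONS = (".svg", ".svgz")
SVG_MIME_TYPES = {"image/svg+xml"}
GZIP_MAGIC = b"\x1f\x8b"
SNIFF_BYTES = 4096  # assumption: the root element appears within this window

# <svg ...> element, optionally namespace-prefixed (e.g. <s:svg>).
# An HTML file with inline <svg> also matches, which is acceptable for an image-only gate.
SVG_ROOT = re.compile(rb"<\s*(?:[A-Za-z_][\w.-]*:)?svg[\s>/]", re.IGNORECASE)

# Constructed sample: a benign SVG used only to exercise the gate.
SAMPLE_SVG = b'<?xml version="1.0"?><svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'


def _decode_head(data: bytes) -> bytes:
    """Return the sniff window as UTF-8 bytes, handling UTF-16 and UTF-8 BOMs."""
    head = data[:SNIFF_BYTES]
    if head.startswith((b"\xff\xfe", b"\xfe\xff")):
        return head.decode("utf-16", errors="ignore").encode("utf-8")
    return head.removeprefix(b"\xef\xbb\xbf")


def looks_like_svg(filename: str, declared_mime: str, data: bytes) -> bool:
    """True if the upload is SVG by name, declared type, or content."""
    if filename.lower().strip().endswith(SVG_EXTENSIONS):
        return True
    if declared_mime.split(";")[0].strip().lower() in SVG_MIME_TYPES:
        return True
    if data.startswith(GZIP_MAGIC):
        # .svgz is gzip-compressed SVG; inflate only the sniff window.
        try:
            data = zlib.decompressobj(wbits=31).decompress(data, SNIFF_BYTES)
        except zlib.error:
            return False
    return SVG_ROOT.search(_decode_head(data)) is not None


if __name__ == "__main__":
    # A renamed SVG is still detected; the caller should reject the upload.
    print(looks_like_svg("logo.png", "image/png", SAMPLE_SVG))
```

The caller rejects any upload for which `looks_like_svg` returns true, before the file is written to a web-served directory.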

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-57277

Affected Products: Innoshop