PT-2026-30909 · Quickdrop · Quickdrop
Duckbreast · Published 2026-04-07 · Updated 2026-04-10
CVE-2026-35608
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
QuickDrop versions prior to 1.5.3
Description
QuickDrop, a file sharing application, contains a stored cross-site scripting (XSS) issue in the file preview functionality. The application allows the upload of SVG files via the /api/file/upload-chunk endpoint. An attacker can upload a crafted SVG file containing a JavaScript payload. When a user views the file preview, the script executes within the application's domain.
Recommendations
Update to version 1.5.3 or later.
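For deployments that handle SVG uploads, the class of issue described above can be checked for and contained at the preview route. The following is an added example, not QuickDrop's code and not the 1.5.3 fix: the function names, sample files and header policy are assumptions, and the scan is a heuristic check rather than a full sanitizer.

```python
import xml.etree.ElementTree as ET

ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}
URL_ATTRS = {"href", "src"}

def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on tag and attribute names."""
    return name.rsplit("}", 1)[-1].lower()

def svg_findings(data: bytes) -> list[str]:
    """Return reasons an uploaded SVG must not be rendered inline (empty = none found)."""
    upper = data.upper()
    if b"<!DOCTYPE" in upper or b"<!ENTITY" in upper:
        return ["DOCTYPE/ENTITY declaration"]  # refuse before parsing entities
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["not well-formed XML"]
    found = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            found.append(f"<{tag}> element")
        for name, value in el.attrib.items():
            attr = local(name)
            val = "".join(value.split()).lower()  # browsers ignore whitespace in schemes
            if attr.startswith("on"):
                found.append(f"event handler {attr} on <{tag}>")
            elif attr in URL_ATTRS and val.startswith("javascript:"):
                found.append(f"javascript: URL in {attr} on <{tag}>")
    return found

def preview_headers(filename: str, data: bytes) -> dict[str, str]:
    """Headers for a preview route: SVG is never served as an active same-origin document."""
    headers = {"X-Content-Type-Options": "nosniff"}
    if filename.lower().endswith(".svg") or b"<svg" in data[:1024].lower():
        headers["Content-Type"] = "image/svg+xml"
        headers["Content-Disposition"] = "attachment"
        headers["Content-Security-Policy"] = "sandbox; default-src 'none'"
    return headers

# Constructed sample uploads (not taken from the advisory)
BENIGN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
ACTIVE = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="noop()">'
          b'<script>noop()</script></svg>')
```

The header policy is the containment layer: it applies to every SVG regardless of what the scan finds, so a file that slips past the heuristic still cannot run script in the application's origin.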
Fix
XSS
Affected Products
Quickdrop