fast-poster v2.15.0 is vulnerable to Cross Site Scripting (XSS). The file upload handler at /server/fast.py -> ApiUploadHandler.post checks that the uploaded binary is an image but does not strictly check the file suffix, which results in stored XSS.
CPE

Name | Operator | Version
---|---|---
fast-poster | eq | 2.8.0
fast-poster | eq | 1.3.3
fast-poster | eq | V1.2.2
fast-poster | eq | 2.4.1
fast-poster | eq | 2.7.1
fast-poster | eq | 2.13.0
fast-poster | eq | 2.10.0
fast-poster | eq | 2.9.0
fast-poster | eq | 2.11.0
fast-poster | eq | 1.5.4
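
The following is an added example, not fast-poster's own code: a Python sketch that contrasts an upload check inspecting only image content, as the description above reports, with one that also enforces the file suffix and picks the stored name server-side. The function names, the signature table and the sample bytes are assumptions constructed for illustration.

```python
import os
import secrets

# Magic bytes -> the only suffix the server will store for that image type.
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": ".png",
    b"\xff\xd8\xff": ".jpg",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
}
SUFFIX_ALIASES = {".jpeg": ".jpg"}

# Constructed sample: a valid GIF header followed by harmless markup.
SAMPLE = b"GIF89a<!-- constructed sample: markup after an image header -->"


def sniff_image_suffix(data: bytes):
    """Return the canonical suffix for the detected image type, or None."""
    for magic, suffix in SIGNATURES.items():
        if data.startswith(magic):
            return suffix
    return None


def content_only_check(filename: str, data: bytes):
    """Weak pattern: content is verified, but the client's suffix is kept."""
    if sniff_image_suffix(data) is None:
        return None
    return filename  # a ".html" name passes and is later served as HTML


def strict_check(filename: str, data: bytes):
    """Hardened pattern: suffix must match content; name is server-chosen."""
    detected = sniff_image_suffix(data)
    if detected is None:
        return None
    claimed = os.path.splitext(filename)[1].lower()
    claimed = SUFFIX_ALIASES.get(claimed, claimed)
    if claimed != detected:
        return None  # rejects poster.html, poster.gif.html, poster.svg, ...
    # Discard the client-supplied name entirely; keep only the vetted suffix.
    return secrets.token_hex(16) + detected


if __name__ == "__main__":
    print("content-only:", content_only_check("poster.html", SAMPLE))
    print("strict      :", strict_check("poster.html", SAMPLE))
    print("strict (gif):", strict_check("poster.gif", SAMPLE))
```
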