CVE-2024-42055

Cervantes through 0.5-alpha allows stored XSS...

CVE-2024-42054

Cervantes through 0.5-alpha accepts insecure file uploads...

CVE-2024-42055

CVE-2024-42055 affects Cervantes up to version 0.5-alpha and involves a stored XSS vulnerability. Affected component details are not expanded beyond this description in the provided sources. The PT-2024-29715 notice suggests upgrading to a version that includes a fix, but no specific patched vers...

CVE-2024-42054

CVE-2024-42054 affects Cervantes up to version 0.5-alpha, where the product accepts insecure file uploads. The connected documents confirm the core issue is insecure file upload handling, but do not provide concrete technical details (e.g., affected components, exact vectors, or patch versions). ...

CVE-2024-42054

Cervantes through 0.5-alpha accepts insecure file uploads...

CVE-2024-42055

Cervantes through 0.5-alpha allows stored XSS...

PT-2024-29714 · Cervantes · Cervantes

Name of the Vulnerable Software and Affected Versions: Cervantes versions through 0.5-alpha Description: The issue allows for insecure file uploads. Recommendations: For versions through 0.5-alpha, consider restricting file upload functionality until a secure version is available. As a temporary...