3 matches found
CVE-2023-46238
ZITADEL is an identity infrastructure management system. ZITADEL users can upload their own avatar image using various image types including SVG. SVG can include scripts, such as javascript, which can be executed during rendering. Due to a missing security header, an attacker could inject code to...
CVE-2023-46238
creationtimestamp| type| source ---|---|--- 2023-10-26 18:16:01+00:00| seen| https://t.me/cibsecurity/72969...
CVE-2023-46238
ZITADEL’s CVE-2023-46238 vulnerability affects the Avatar SVG upload feature. An attacker can exploit SVGs containing scripts due to a missing security header, potentially gaining access to a victim’s account when the SVG is opened in the browser during a active session. Impact is described as re...