12 matches found

Exploit DB
added 2026/05/07 12:0 a.m., 76 views

ThingsBoard IoT Platform 4.2.0 - Server-Side Request Forgery (SSRF)

Exploit Title: ThingsBoard IoT Platform 4.2.0 - Server-Side Request Forgery (SSRF) Date: 2026-03-25 Exploit Author: Tamil Mathi T. Vendor Homepage: https://thingsboard.io Software Link: https://github.com/thingsboard/thingsboard Version: . When ThingsBoard processes the uploaded SVG server-side, it...

CVSS 9.1, AI score 5.8, EPSS 0.01658
Exploits: 2

RedhatCVE
added 2025/10/20 6:23 p.m., 4 views

CVE-2025-34281

ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting (XSS) vulnerability. The exploit can be triggered when any user accesses the public API endpoint of the malicious SVG images, or if t...

CVSS 6.2, AI score 5.6, EPSS 0.00345
Exploits: 0, References: 1

EUVD
added 2025/10/17 9:31 p.m., 4 views

EUVD-2025-34907

ThingsBoard versions < 4.2.1 contain a stored cross-site scripting (XSS) vulnerability in the dashboard's Image Upload Gallery feature. An attacker can upload an SVG file containing malicious JavaScript, which may be executed when the file is rendered in the UI. This issue results from insufficient...

CVSS 5.1, AI score 5.3, EPSS 0.00345
Exploits: 0, References: 4

Github Security Blog
added 2025/10/17 9:31 p.m., 7 views

ThingsBoard vulnerable to stored cross-site scripting (XSS) vulnerability in the dashboard's Image Upload Gallery feature

ThingsBoard versions < 4.2.1 contain a stored cross-site scripting (XSS) vulnerability in the dashboard's Image Upload Gallery feature. An attacker can upload an SVG file containing malicious JavaScript, which may be executed when the file is rendered in the UI. This issue results from insufficient...

CVSS 6.2, AI score 5.1, EPSS 0.00345
Exploits: 0, References: 8, Affected Software: 1

OSV
added 2025/10/17 9:31 p.m., 5 views

GHSA-FPQ4-R87V-G246 ThingsBoard vulnerable to stored cross-site scripting (XSS) vulnerability in the dashboard's Image Upload Gallery feature

ThingsBoard versions < 4.2.1 contain a stored cross-site scripting (XSS) vulnerability in the dashboard's Image Upload Gallery feature. An attacker can upload an SVG file containing malicious JavaScript, which may be executed when the file is rendered in the UI. This issue results from insufficient...

CVSS 5.4, AI score 5.2, EPSS 0.00345
Exploits: 0, References: 8

OSV
added 2025/10/17 7:15 p.m., 4 views

CVE-2025-34281

ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting (XSS) vulnerability. The exploit can be triggered when any user accesses the public API endpoint of the malicious SVG images, or if t...

CVSS 5.4, AI score 5.6, EPSS 0.00345
Exploits: 0, References: 3

Vulnrichment
added 2025/10/17 6:33 p.m., 2 views

CVE-2025-34282 ThingsBoard < v4.2.1 SVG Image SSRF

ThingsBoard versions < 4.2.1 contain a server-side request forgery (SSRF) vulnerability in the dashboard's Image Upload Gallery feature. An attacker can upload a malicious SVG file that references a remote URL. If the server processes the SVG file in a way that parses external references, it may...

CVSS 6.9, AI score 6.8, EPSS 0.01658
Exploits: 2, References: 3

CVE
added 2025/10/17 6:33 p.m., 11 views

CVE-2025-34281

ThingsBoard vulnerability CVE-2025-34281 affects pre-4.2.1 releases. An authenticated user can upload malicious SVGs via the Image Gallery, enabling Stored XSS when the image is loaded by a browser (e.g., through public API access or iframe embedding during widget creation/deployment on dashboard...

CVSS 6.2, AI score 5.4, EPSS 0.00345
Exploits: 0, References: 3, Affected Software: 1

Vulnrichment
added 2025/10/17 6:33 p.m., 2 views

CVE-2025-34281 Stored Cross-Site Scripting (XSS) in ThingsBoard

ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting (XSS) vulnerability. The exploit can be triggered when any user accesses the public API endpoint of the malicious SVG images, or if t...

CVSS 6.2, AI score 5.4, EPSS 0.00345
Exploits: 0, References: 3

Cvelist
added 2025/10/17 6:33 p.m., 8 views

CVE-2025-34281 Stored Cross-Site Scripting (XSS) in ThingsBoard

ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting (XSS) vulnerability. The exploit can be triggered when any user accesses the public API endpoint of the malicious SVG images, or if t...

CVSS 6.2, EPSS 0.00345
Exploits: 0, References: 3

CNNVD
added 2025/10/17 12:0 a.m., 4 views

ThingsBoard Security Vulnerability

ThingsBoard is a Java-based platform for IoT devices for monitoring, management, and data collection by the ThingsBoard team. A security vulnerability exists in ThingsBoard versions prior to 4.2.1 that stems from a server-side request forgery in the Image Upload Gallery feature of the dashboard,...

CVSS 9.1, AI score 6.7, EPSS 0.01658
Exploits: 2, References: 5

Positive Technologies
added 2025/10/17 12:0 a.m., 5 views

PT-2025-42641

Name of the Vulnerable Software and Affected Versions: ThingsBoard versions prior to 4.2.1. Description: The software contains a stored cross-site scripting (XSS) issue within the dashboard's Image Upload Gallery feature. An attacker can upload a Scalable Vector Graphics (SVG) file containing malicious...

CVSS 6.2, AI score 5, EPSS 0.00345
Exploits: 0, References: 13