23 matches found
CVE-2024-6229
CVE-2024-6229 is a stored XSS vulnerability in stangirard/quivr’s Upload Knowledge feature. An attacker can upload a URL-based file containing malicious JavaScript, which is stored on the server and executed when users click the payload-containing link, potentially enabling data theft and session...
GHSA-Q24H-5RQ3-63J9 Incorrect Authorization in @uppy/companion
@uppy/companion prior to version 3.3.1 is vulnerable to incorrect authorization. A user with URL upload access could enumerate internal companion server networks, send local webservers files to the destination server, and finally download them If each of these files had a guessable and regular na...
Incorrect Authorization in @uppy/companion
@uppy/companion prior to version 3.3.1 is vulnerable to incorrect authorization. A user with URL upload access could enumerate internal companion server networks, send local webservers files to the destination server, and finally download them If each of these files had a guessable and regular na...