9 matches found
EUVD-2024-45364
Malicious code in bioql PyPI...
CVE-2024-51492
Zusam is a free and open-source way to self-host private forums. Prior to version 0.5.6, specially crafted SVG files uploaded to the service as images allow for unrestricted script execution on raw image load. With certain payloads, theft of the target user’s long-lived session token is possible...
CVE-2024-51492
Zusam is a free and open-source way to self-host private forums. Prior to version 0.5.6, specially crafted SVG files uploaded to the service as images allow for unrestricted script execution on raw image load. With certain payloads, theft of the target user’s long-lived session token is possible...
CVE-2024-51492 Zusam vulnerable to stored XSS, allowing token theft via crafted SVG
Zusam is a free and open-source way to self-host private forums. Prior to version 0.5.6, specially crafted SVG files uploaded to the service as images allow for unrestricted script execution on raw image load. With certain payloads, theft of the target user’s long-lived session token is possible...
CVE-2024-51492
CVE-2024-51492 affects Zusam prior to 0.5.6. A specially crafted SVG uploaded as an image enables stored XSS with unrestricted script execution on image load, potentially exfiltrating the user’s long‑lived session token/API key (valid indefinitely unless rotated). Version 0.5.6 fixes the vulnerab...
CVE-2024-51492 Zusam vulnerable to stored XSS, allowing token theft via crafted SVG
Zusam is a free and open-source way to self-host private forums. Prior to version 0.5.6, specially crafted SVG files uploaded to the service as images allow for unrestricted script execution on raw image load. With certain payloads, theft of the target user’s long-lived session token is possible...
CVE-2024-51492 Zusam vulnerable to stored XSS, allowing token theft via crafted SVG
Zusam is a free and open-source way to self-host private forums. Prior to version 0.5.6, specially crafted SVG files uploaded to the service as images allow for unrestricted script execution on raw image load. With certain payloads, theft of the target user’s long-lived session token is possible...
Zusam 跨站脚本漏洞
Zusam is a free and open source approach to Zusam Open Source. It is used to host private forums. A cross-site scripting vulnerability exists in versions of Zusam prior to 0.5.6, which stems from a specially crafted SVG file that allows unrestricted script execution when uploaded as an image to t...
PT-2024-34656 · Zusam · Zusam
Name of the Vulnerable Software and Affected Versions: Zusam versions prior to 0.5.6 Description: The issue allows for unrestricted script execution on image load when specially crafted SVG files are uploaded to the service. This can lead to the theft of a target user's long-lived session token,...