3 matches found
CVE-2023-6142 Dev Blog v1.0 - Stored XSS
Dev blog v1.0 allows to exploit an XSS through an unrestricted file upload, together with a bad entropy of filenames. With this an attacker can upload a malicious HTML file, then guess the filename of the uploaded file and send it to a potential victim...
CVE-2023-6142
Dev Blog v1.0 is affected by an XSS vulnerability triggered via an unrestricted file upload with poor filename entropy. An attacker can upload a malicious HTML file and then guess the filename to deliver it to a victim. Affected component: Dev Blog (Node.js/Express/MongoDB) v1.0; root cause: lack...
CVE-2023-6144 Dev Blog v1.0 - ATO
Dev blog v1.0 allows to exploit an account takeover through the "user" cookie. With this, an attacker can access any user's session just by knowing their username...