2 matches found
CVE-2024-39318
The CVE-2024-39318 entry maps to a concrete DOM-based XSS in the Ibexa Admin UI Bundle file-upload widget. The vulnerability stems from insufficient sanitization of filenames, allowing XSS payloads to be executed during upload when the attacker has upload permission (typically authenticated edito...
PT-2024-28442 · Ibexa · Ibexa Admin UI Bundle
Name of the Vulnerable Software and Affected Versions: Ibexa Admin UI Bundle, affected versions not specified
Description: The file upload widget in the Ibexa Admin UI Bundle is vulnerable to XSS payloads in filenames. Access permission to upload files is required, which is typically only granted ...