CVE-2024-51492
CVE-2024-51492 affects Zusam prior to 0.5.6. A specially crafted SVG uploaded as an image enables stored XSS with unrestricted script execution on image load, potentially exfiltrating the user’s long‑lived session token/API key (valid indefinitely unless rotated). Version 0.5.6 fixes the vulnerab...