CVE-2024-5279 | Qiwen Netdisk up to 1.4.0 File Rename cross site scripting (I8W3H2)

Inserito da Angelo Barbosa | Mag 23, 2024 | CVE

A vulnerability was found in Qiwen Netdisk up to 1.4.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component File Rename Handler. The manipulation with the input <img src="" onerror="alert(document.cookie)"> leads to cross site scripting.

This vulnerability is known as CVE-2024-5279. The attack can be launched remotely. Furthermore, there is an exploit available.

CVE-2024-5279 | Qiwen Netdisk up to 1.4.0 File Rename cross site scripting (I8W3H2)

Post correlati

CVE-2024-28698 | Marimer CSLA .Net up to 7.x MobileFormatter path traversal

CVE-2024-20401 | Cisco Secure Email Content Scanning/Message Filtering absolute path traversal (cisco-sa-esa-afw-bGG2UsjH)

CVE-2024-40393 | Online Clinic Management System 1.0 login.php user sql injection

CVE-2023-6198 | Baicells Snap Router up to 1.3.5.10_NAC on EP3011 User Passwords Module hard-coded credentials