CVE-2024-13141 | osuuu LightPicture up to 1.2.2 SVG File Upload /api/upload file cross site scripting

Posted by Angelo Barbosa | Jan 4, 2025 | CVE

A vulnerability classified as problematic was found in osuuu LightPicture up to 1.2.2. This vulnerability affects unknown code of the file /api/upload of the component SVG File Upload Handler. The manipulation of the argument file leads to cross site scripting.

This vulnerability was named CVE-2024-13141. The attack can be initiated remotely. Furthermore, there is an exploit available.

CVE-2024-13141 | osuuu LightPicture up to 1.2.2 SVG File Upload /api/upload file cross site scripting

Related Posts

CVE-2024-3596 | RADIUS Protocol RFC 2865 Response weak hash

CVE-2024-39827 | Zoom Workplace Desktop App on Windows denial of service (ZSB-24024)

CVE-2023-51649 | Nautobot up to 1.6.7/2.0.x Job Button authorization (ID 4988)

CVE-2024-0301 | fhs-opensource iparking 1.5.22.RELEASE PayTempOrderAction.java getData sql injection