Security Advisory

CVE-2023-26771

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-10-04 00:00:00

Last updated 2024-10-04 22:16:58

Assigner mitre

State PUBLISHED

Description

Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There is a lack of validation in the filetype when uploading a SVG profile picture with a XSS payload on it. An authenticated attacker can exploit this vulnerability by uploading a malicious picture which will trigger the payload when the victim opens the file.

← Browse all CVEs View on cve.org ↗