Security Advisory

CVE-2023-6142

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-11-20 23:24:48

Last updated 2025-05-19 13:54:39

Assigner Fluid Attacks

State PUBLISHED

Description

Dev blog v1.0 allows to exploit an XSS through an unrestricted file upload, together with a bad entropy of filenames. With this an attacker can upload a malicious HTML file, then guess the filename of the uploaded file and send it to a potential victim.

← Browse all CVEs View on cve.org ↗