| Title | simstudioai https://github.com/simstudioai/sim <=1.0.0 Dangerous type of file upload (CWE-434) |
|---|---|
| Description | The project's file upload functionality (/api/files/upload) in versions <=1.0.0 allows uploading arbitrary HTML files without any security processing, and this functionality can be accessed without any authentication requirements. This allows attackers to upload malicious HTML containing XSS payloads without requiring any account, resulting in a stored XSS vulnerability. |
| Source | ⚠️ https://github.com/simstudioai/sim/issues/958 |
| User | ZAST.AI (UID 87884) |
| Submission | 25/08/2025 12:48 PM (9 months ago) |
| Moderation | 01/09/2025 02:38 PM (7 days later) |
| Status | Accepted |
| VulDB Entry | 322115 [SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af HTML File Parser route.ts import file privilege escalation] |
| Points | 20 |