| Title | zhousg https://github.com/zhousg/letao <=1.0.0 Dangerous type of file upload (CWE-434) |
|---|---|
| Description | The project uses formidable with keepExtensions set to true, and has insecure file upload checking mechanisms. It allows attackers to upload malicious files with arbitrary extensions, potentially creating attack vectors for stored Cross-Site Scripting (XSS) |
| Source | https://github.com/zhousg/letao/issues/13 |
| User | ZAST.AI (UID 87884) |
| Submission | 21.07.2025 11:43 (11 months ago) |
| Moderation | 24.07.2025 17:19 (3 days later) |
| Status | Accepted |
| VulDB Entry | 317513 [zhousg letao up to 7d8df0386a65228476290949e0413de48f7fbe98 routes\bf\product.js pictrdtz privilege escalation] |
| Points | 17 |