| Title | LearnHouse learnhouse 98dfad76aad70711a8113f6c1fdabfccf10509ca Unrestricted Upload |
|---|---|
| Description | LearnHouse contains multiple vulnerabilities related to its file upload functionality. First, improper sanitization of SVG files allows for a Stored Cross-Site Scripting (XSS) attack, enabling attackers to execute arbitrary JavaScript in the browsers of users viewing the malicious image. Second, the application fails to properly validate file types on the server side, allowing for the upload of dangerous files such as Python scripts (.py). This could lead to Remote Code Execution (RCE), giving an attacker control over the server. Both vulnerabilities affect all versions up to commit 98dfad7. |
| Source | https://gist.github.com/KhanMarshaI/c06263648d8a807108801e1a4daf0ab9 |
| User | KhanMarshal (UID 89610) |
| Submission | 13.10.2025 11:57 (6 months ago) |
| Moderation | 26.10.2025 17:01 (13 days later) |
| Status | Accepted |
| VulDB entry | 329941 [LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca Account Setting Page previews Cross Site Scripting] |
| Points | 20 |