Submit #641129: simstudioai https://github.com/simstudioai/sim <=1.0.0 Dangerous type of file upload (CWE-434) info

Title: simstudioai https://github.com/simstudioai/sim <=1.0.0 Dangerous type of file upload (CWE-434)
Description: The project's file upload functionality (/api/files/upload) in versions <=1.0.0 allows uploading arbitrary HTML files without any security processing, and this functionality can be accessed without any authentication requirements. This allows attackers to upload malicious HTML containing XSS payloads without requiring any account, resulting in a stored XSS vulnerability.
Source: https://github.com/simstudioai/sim/issues/958
User: ZAST.AI (UID 87884)
Submission: 2025-08-25 12:48 (10 months ago)
Moderation: 2025-09-01 14:38 (7 days later)
Status: Accepted
VulDB entry: 322115 [SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af HTML File Parser route.ts import File privilege escalation]
Points: 20
