| Title | simstudioai https://github.com/simstudioai/sim <=1.0.0 Dangerous type of file upload (CWE-434) |
|---|---|
| Description | The project's file upload functionality (/api/files/upload) in versions <=1.0.0 allows uploading arbitrary HTML files without any security processing, and this functionality can be accessed without any authentication requirements. This allows attackers to upload malicious HTML containing XSS payloads without requiring any account, resulting in a stored XSS vulnerability. |
| Source | ⚠️ https://github.com/simstudioai/sim/issues/958 |
| User | ZAST.AI (UID 87884) |
| Submission | 25/08/2025 12:48 (9 months ago) |
| Moderation | 01/09/2025 14:38 (7 days later) |
| Status | Accepted |
| VulDB entry | 322115 [SimStudioAI sim HTML File Parser route.ts import File privilege escalation] |
| Points | 20 |