| タイトル | LearnHouse learnhouse 98dfad76aad70711a8113f6c1fdabfccf10509ca Unrestricted Upload |
|---|
| 説明 | LearnHouse contains multiple vulnerabilities related to its file upload functionality. First, improper sanitization of SVG files allows for a Stored Cross-Site Scripting (XSS) attack, enabling attackers to execute arbitrary JavaScript in the browsers of users viewing the malicious image. Second, the application fails to properly validate file types on the server-side, allowing for the upload of dangerous files such as Python scripts (.py). This could lead to Remote Code Execution (RCE), giving an attacker control over the server. Both vulnerabilities affect all versions up to commit 98dfad7. |
|---|
| ソース | ⚠️ https://gist.github.com/KhanMarshaI/c06263648d8a807108801e1a4daf0ab9 |
|---|
| ユーザー | KhanMarshal (UID 89610) |
|---|
| 送信 | 2025年10月13日 11:57 (6 月 ago) |
|---|
| モデレーション | 2025年10月26日 17:01 (13 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 329941 [LearnHouse 迄 98dfad76aad70711a8113f6c1fdabfccf10509ca Account Setting Page previews クロスサイトスクリプティング] |
|---|
| ポイント | 20 |
|---|