sim <=1.0.0 Dangerous type of file upload (CWE-434)정보

제목	simstudioai https://github.com/simstudioai/sim <=1.0.0 Dangerous type of file upload (CWE-434)
설명	The project's file upload functionality (/api/files/upload) in versions <=1.0.0 that allows uploading arbitrary HTML files without any security processing, and this functionality can be accessed without any authentication requirements. This allows attackers to upload malicious HTML containing XSS payloads without requiring any account, resulting in a stored XSS vulnerability.
원천	⚠️ https://github.com/simstudioai/sim/issues/958
사용자	ZAST.AI (UID 87884)
제출	2025. 08. 25. PM 12:48 (9 개월 ago)
모더레이션	2025. 09. 01. PM 02:38 (7 days later)
상태	수락
VulDB 항목	322115 [SimStudioAI sim 까지 ed9b9ad83f1a7c61f4392787fb51837d34eeb0af HTML File Parser route.ts import 파일 권한 상승]
포인트들	20

Do you want to use VulDB in your project?

Use the official API to access entries easily!