Submission #641129: simstudioai https://github.com/simstudioai/sim <=1.0.0 Dangerous type of file upload (CWE-434)

Title: simstudioai https://github.com/simstudioai/sim <=1.0.0 Dangerous type of file upload (CWE-434)
Description: The project's file upload endpoint (/api/files/upload) in versions <=1.0.0 accepts arbitrary HTML files without any security processing, and the endpoint can be reached without authentication. An attacker can therefore upload malicious HTML containing XSS payloads without holding an account, resulting in a stored XSS vulnerability.
Source: https://github.com/simstudioai/sim/issues/958
User: ZAST.AI (UID 87884)
Submitted: 2025-08-25 12:48 (9 months ago)
Moderated: 2025-09-01 14:38 (7 days later)
Status: Accepted
VulDB entry: 322115 [SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af HTML File Parser route.ts import File Privilege Escalation]
Points: 20
