| Title | zhousg https://github.com/zhousg/letao <=1.0.0 Dangerous type of file upload (CWE-434) |
|---|
| Description | The project uses formidable with keepExtensions set to true, and has insecure file upload checking mechanisms. It allows attackers to upload malicious files with arbitrary extensions, potentially creating attack vectors for stored Cross-Site Scripting (XSS) |
|---|
| Source | ⚠️ https://github.com/zhousg/letao/issues/13 |
|---|
| User | ZAST.AI (UID 87884) |
|---|
| Submission | 07/21/2025 11:43 (11 months ago) |
|---|
| Moderation | 07/24/2025 17:19 (3 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 317513 [zhousg letao up to 7d8df0386a65228476290949e0413de48f7fbe98 routes\bf\product.js pictrdtz unrestricted upload] |
|---|
| Points | 17 |
|---|