Lucene search
Veracode Vulnerability DatabaseVERACODE:40414HistoryMay 08, 2023 - 11:52 a.m.
Cross-Site Scripting (XSS)
2023-05-0811:52:33
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
cross-site scripting
serenity.net
html files
vulnerability
upload
EPSS
0.001
Percentile
37.8%
serenity.net.services and serenity.net.core are vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly check for specific prohibited file types, allowing an attacker to upload malicious .html or .htm files containing XSS payloads.
References
packetstormsecurity.com/files/172648/Serenity-StartSharp-Software-File-Upload-XSS-User-Enumeration-Reusable-Tokens.html
seclists.org/fulldisclosure/2023/May/14
github.com/advisories/GHSA-93h6-wx7r-mgfp
github.com/serenity-is/Serenity/commit/11b9d267f840513d04b4f4d4876de7823a6e48d2
github.com/serenity-is/Serenity/commit/f54e9bfcf8ceb7f26f81a7362349bc1f63251d92
Related
prion
prion
Cross site scripting
2023-04-27 03:15:00
osv
osv
CVE-2023-31285
2023-04-27 03:15:10
Cross Site Scripting (XSS) in Serenity
2023-04-27 03:30:23
cvelist
cvelist
CVE-2023-31285
2023-04-27 00:00:00
github
github
Cross Site Scripting (XSS) in Serenity
2023-04-27 03:30:23
cve
cve
CVE-2023-31285
2023-04-27 03:15:10
nvd
nvd
CVE-2023-31285
2023-04-27 03:15:10
packetstorm
packetstorm