Lucene search
Veracode Vulnerability DatabaseVERACODE:48278HistoryJul 31, 2024 - 5:26 a.m.
Cross-Site Scripting (XSS)
2024-07-3105:26:07
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
2
quivr
software
xss
vulnerability
url uploads
javascript payloads
attackers
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
6.3
Confidence
High
quivr is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of URL uploads, allowing users to insert malicious JavaScript payloads. Attackers can use this to execute JavaScript whenever any user clicks on a link containing the payload.
Related
vulnrichment
vulnrichment
CVE-2024-6229 Stored XSS in stangirard/quivr
2024-07-07 15:22:38
cve
cve
CVE-2024-6229
2024-07-07 16:15:02
cvelist
cvelist
CVE-2024-6229 Stored XSS in stangirard/quivr
2024-07-07 15:22:38
nvd
nvd
CVE-2024-6229
2024-07-07 16:15:02
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
6.3
Confidence
High
Related for VERACODE:48278