Description
Cross-site scripting (XSS) vulnerability in Lutim before 0.8 might allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in an upload notification and in the myfiles component, if the attacker can convince the victim to proceed with an upload despite the appearance of an XSS payload in the filename.
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2017-2613 | Cross-site scripting (XSS) vulnerability in Lutim before 0.8 might allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in an upload notification and in the myfiles component, if the attacker can convince the victim to proceed with an upload despite the appearance of an XSS payload in the filename. |
References
| Link | Providers |
|---|---|
| https://framagit.org/luc/lutim/issues/40 |
|
History
No history.
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-09-16T23:01:20.599Z
Reserved: 2017-07-06T00:00:00.000Z
Link: CVE-2017-10975
No data.
Status : Modified
Published: 2017-07-06T14:29:00.183
Modified: 2026-06-17T01:01:01.523
Link: CVE-2017-10975
No data.
OpenCVE Enrichment
No data.
Weaknesses
EUVD