Dutchcoders transfer.sh before 1.2.4 allows XSS via an inline view.
References
Link | Resource |
---|---|
https://vuln.ryotak.me/advisories/43 | Third Party Advisory |
https://github.com/dutchcoders/transfer.sh/pull/373 | Patch Third Party Advisory |
https://github.com/dutchcoders/transfer.sh/releases/tag/v1.2.4 | Third Party Advisory |
https://github.com/dutchcoders/transfer.sh/commit/9df18fdc69de2e71f30d8c1e6bfab2fda2e52eb4 | Patch Third Party Advisory |
Configurations
Information
Published : 2021-05-23 22:15
Updated : 2021-05-27 12:34
NVD link : CVE-2021-33496
Mitre link : CVE-2021-33496
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
dutchcoders
- transfer.sh