Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Homarr is Vulnerable to Stored Cross-Site Scripting (XSS) and Possible Privilege Escalation via Malicious SVG Upload
Vulnerability Description
Homarr is an open-source dashboard. Prior to version 1.43.3, stored XSS vulnerability exists, allowing the execution of arbitrary JavaScript in a user's browser, with minimal or no user interaction required, due to the rendering of a malicious uploaded SVG file. This could be abused to add an attacker's account to the "credentials-admin" group, giving them full administrative access, if a user logged in as an administrator was to view the page which renders or redirects to the SVG. This issue has been patched in version 1.43.3.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
Vulnerability Type
输入验证不恰当
Vulnerability Title
homarr 代码问题漏洞
Vulnerability Description
homarr是Thomas Camlong个人开发者的一个可定制的浏览器主页,用于与主服务器的 Docker 容器进行交互。 homarr 1.43.3之前版本存在代码问题漏洞,该漏洞源于恶意上传的SVG文件可能导致存储型跨站脚本攻击,可能导致权限提升。
CVSS Information
N/A
Vulnerability Type
N/A