Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
QuickDrop has stored XSS in SVG file preview endpoint allowing JavaScript execution
Vulnerability Description
QuickDrop is an easy-to-use file sharing application. Prior to 1.5.3, a stored XSS vulnerability exists in the file preview endpoint. The application allows SVG files to be uploaded via the /api/file/upload-chunk endpoint. An attacker can upload a specially crafted SVG file containing a JavaScript payload. When any user views the file preview, the script executes in the context of the application's domain. This vulnerability is fixed in 1.5.3.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
QuickDrop 跨站脚本漏洞
Vulnerability Description
QuickDrop是Rostislav个人开发者的一个自托管匿名文件分享应用,支持分块上传与加密存储。 QuickDrop 1.5.3之前版本存在跨站脚本漏洞,该漏洞源于文件预览端点存在存储型跨站脚本漏洞,允许上传包含JavaScript有效载荷的特制SVG文件,可能导致脚本在应用程序环境中执行。
CVSS Information
N/A
Vulnerability Type
N/A