← back
CVE-2022-1045

Stored XSS viva .svg file upload in polonel/trudesk

CVSS 9 CRITICALEPSS 1.5%CWE-434
Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0.
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Affected products
polonel · polonel/trudesk

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/polonel/trudesk/commit/c4b262c2613d4a8865de0b3252112544bd81997ahttps://huntr.dev/bounties/b0c4f992-4ac8-4479-82f4-367ed1a2a826