← volver
CVE-2020-29071

CVE-2020-29071

EPSS 1.6%
An XSS issue was found in the Shares feature of LiquidFiles before 3.3.19. The issue arises from the insecure rendering of HTML files uploaded to the platform as attachments, when the -htmlview URL is directly accessed. The impact ranges from executing commands as root on the server to retrieving sensitive information about encrypted e-mails, depending on the permissions of the target user.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://lean0x2f.github.io/liquidfiles_advisoryhttps://man.liquidfiles.com/release_notes/version_3-3-x.html