← voltar
CVE-2020-29071

CVE-2020-29071

EPSS 1.6%
An XSS issue was found in the Shares feature of LiquidFiles before 3.3.19. The issue arises from the insecure rendering of HTML files uploaded to the platform as attachments, when the -htmlview URL is directly accessed. The impact ranges from executing commands as root on the server to retrieving sensitive information about encrypted e-mails, depending on the permissions of the target user.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://lean0x2f.github.io/liquidfiles_advisoryhttps://man.liquidfiles.com/release_notes/version_3-3-x.html