CVE-2023-26771

Published: Oct 4, 2024

Modified: Oct 4, 2024

PUBLISHED

Description

Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There is a lack of validation in the filetype when uploading a SVG profile picture with a XSS payload on it. An authenticated attacker can exploit this vulnerability by uploading a malicious picture which will trigger the payload when the victim opens the file.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/JordanKnott/taskcafe

https://bishopfox.com/blog/taskcafe-version-0-3-2-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-26771

Description

Affected Products

References