CVE-2025-70849

Published: Feb 3, 2026

Modified: Feb 5, 2026

PUBLISHED

Description

Arbitrary File Upload in podinfo thru 6.9.0 allows unauthenticated attackers to upload arbitrary files via crafted POST request to the /store endpoint. The application renders uploaded content without a restrictive Content-Security-Policy (CSP) or adequate Content-Type validation, leading to Stored Cross-Site Scripting (XSS).

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://gist.github.com/kazisabu/27f3e272f474005001a9ecd2c258dbea

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-70849

Description

Affected Products

References