Back to search
CVE-2026-35608
Published: Apr 7, 2026
Modified: Apr 7, 2026
PUBLISHED
Description
QuickDrop is an easy-to-use file sharing application. Prior to 1.5.3, a stored XSS vulnerability exists in the file preview endpoint. The application allows SVG files to be uploaded via the /api/file/upload-chunk endpoint. An attacker can upload a specially crafted SVG file containing a JavaScript payload. When any user views the file preview, the script executes in the context of the application's domain. This vulnerability is fixed in 1.5.3.
| Vendor | Product | Versions |
|---|---|---|
RoastSlav | quickdrop | affected < 1.5.3 |
Weaknesses (CWE)
References
https://github.com/RoastSlav/quickdrop/releases/tag/v1.5.3
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now