CVE-2024-25712
- Reference to the description:
- Description:
- http-swagger before 1.2.6 allows XSS via PUT requests, because a file that has been uploaded (via httpSwagger.WrapHandler and *webdav.memFile) can subsequently be accessed via a GET request. NOTE: this is independently fixable with respect to CVE-2022-24863, because (if a solution continued to allow PUT requests) large files could have been blocked without blocking JavaScript, or JavaScript could have been blocked without blocking large files.
- Last updated date:
- 01/16/2025
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 01/16/2025
- Reference url to background
https://cosmosofcyberspace.github.io/improper_http_method_leads_to_xss/poc.html