logo
Vulnerability feed
CONTRIBUTE

Vulnerability

warn

CVE-2024-6229

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2024-6229

Description:
A stored cross-site scripting (XSS) vulnerability exists in the 'Upload Knowledge' feature of stangirard/quivr, affecting the latest version. Users can upload files via URL, which allows the insertion of malicious JavaScript payloads. These payloads are stored on the server and executed whenever any user clicks on a link containing the payload, leading to potential data theft, session hijacking, and reputation damage.
Last updated date:
07/11/2024
Type:
exploit
Confidence:
HIGH
Date of publishing:
07/11/2024
Reference url to background

https://huntr.com/bounties/2ee71e9e-2cf5-41a4-8440-d75758018786

Vulnerability FeedContributorsAboutBlog

@inTheWild

©2024

Privacy Policy