Remote attackers can exploit this issue by injecting payloads into the name parameter of this file. This issue was reported to us by a security researcher. We are not aware of any exploit for this issue. Fix: Upgrade to latest available version. Risk: Medium XSS vulnerabilities can be exploited by malicious visitors to inject script code or perform other attacks on your website. Preventative measures include limiting access to sensitive files via .htaccess files and requiring signed in order to access restricted files. Contact hosting provider if you are unsure how to configure your Web server.

CVE-2023-36640

Remote attackers can exploit this issue by injecting payloads into the name parameter of this file. This issue was reported to us by a security researcher. We are not aware of any exploit for this issue. Fix: Upgrade to latest available version. Risk: Medium XSS vulnerabilities can be exploited by malicious visitors to inject script code or perform other attacks on your website. Preventative measures include limiting access to sensitive files via .htaccess files and requiring signed in order to access restricted files. Contact hosting provider if you are unsure how to configure your Web server.

CVE-2023-36650

Remote attackers can exploit this issue by injecting payloads into the name parameter of this file. This issue was reported to us by a security researcher. We are not aware of any exploit for this issue. Fix: Upgrade to latest available version. Risk: Low XSS vulnerabilities can be exploited by malicious visitors to inject script code or perform other attacks on your website. Preventative measures include limiting access to sensitive files via .htaccess files and requiring signed in order to access restricted files. Contact hosting provider if you are unsure how to configure your Web server.

Timeline

Published on: 09/02/2022 21:15:00 UTC
Last modified on: 09/08/2022 03:29:00 UTC

References