CVE-2022-32167

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in go/github.com/cloudreve/Cloudreve/v3

Identifiers

GHSA-fg25-gq9g-32mx, CVE-2022-32167

Package Slug

go/github.com/cloudreve/Cloudreve/v3

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to Stored Cross-Site Scripting (XSS) via the file upload functionality. A low-privileged user will be able to share a file with an admin user, which could lead to privilege escalation.

Affected Versions

All versions starting from 3.0.0 up to 3.5.3

Solution

Unfortunately, there is no solution available yet.

Last Modified

2022-09-27