CVE-2024-50637: UnoPim Cross-site Scripting vulnerability

November 6, 2024

UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting (XSS) in the Create User function.

The vulnerability allows attackers to perform XSS in SVG file extension, which can be used to stealing cookies.

References

github.com/advisories/GHSA-hv6m-qj65-26q3
github.com/unopim/unopim
github.com/unopim/unopim/issues/41
github.com/unopim/unopim/releases/tag/v0.1.4
github.com/yamerooo123/ResearchNBugBountyEncyclopedia/blob/main/Researches/Unopim/Findings.md
nvd.nist.gov/vuln/detail/CVE-2024-50637

Detect and mitigate CVE-2024-50637 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →