GHSA-93h6-wx7r-mgfp: Cross Site Scripting (XSS) in Serenity

An XSS issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When users upload temporary files, some specific file endings are not allowed, but it is possible to upload .html or .htm files containing an XSS payload. The resulting link can be sent to an administrator user.
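The gap described above, where a check that rejects named extensions still accepts `.html` and `.htm`, can be seen by putting a deny-list check next to an allow-list check. This is an added example, not Serenity's code: the class name, method names and both extension lists are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;

// Added illustration, not Serenity's code. Both extension lists are constructed.
public static class UploadExtensionCheck
{
    // Deny-list style: anything not named here is accepted.
    static readonly HashSet<string> Denied = new(StringComparer.OrdinalIgnoreCase)
        { ".exe", ".bat", ".cmd", ".js", ".aspx" };

    // Allow-list style: only the types the feature needs are accepted.
    static readonly HashSet<string> Allowed = new(StringComparer.OrdinalIgnoreCase)
        { ".png", ".jpg", ".jpeg", ".gif", ".pdf", ".txt" };

    public static bool DenyListAccepts(string fileName) =>
        !Denied.Contains(Path.GetExtension(fileName));

    public static bool AllowListAccepts(string fileName)
    {
        if (string.IsNullOrWhiteSpace(fileName)) return false;
        // Drop any client-supplied directory part, then trailing dots and spaces,
        // so "page.html." is judged by ".html" rather than by an empty extension.
        var name = Path.GetFileName(fileName.Replace('\\', '/')).TrimEnd('.', ' ');
        // Only the final extension counts, so "photo.png.html" is treated as HTML.
        return Allowed.Contains(Path.GetExtension(name));
    }

    public static void Main()
    {
        // Constructed sample file names.
        var samples = new[]
        {
            "report.pdf", "note.html", "NOTE.HTM",
            "photo.png.html", "tool.exe", "page.html."
        };
        foreach (var f in samples)
            Console.WriteLine(
                $"{f,-16} deny-list: {DenyListAccepts(f),-5} allow-list: {AllowListAccepts(f)}");
    }
}
```

With these lists the deny-list check accepts every HTML variant in the sample set, while the allow-list check accepts only `report.pdf`.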


Moderate severity • GitHub Reviewed • Published Apr 27, 2023 to the GitHub Advisory Database • Updated Apr 27, 2023

Related news

Serenity / StartSharp Software File Upload / XSS / User Enumeration / Reusable Tokens

Serenity and StartSharp Software versions prior to 6.7.1 suffer from file upload to cross site scripting, user enumeration, and reusable password reset token vulnerabilities.