GHSA-93h6-wx7r-mgfp: Cross Site Scripting (XSS) in Serenity
An XSS issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. The temporary-file upload endpoint rejects a fixed set of file extensions (a denylist) but does not reject .html or .htm, so an attacker can upload an HTML file containing a script payload. The resulting link can be sent to an administrator user, whose browser renders the uploaded file and executes the script in the context of the application (stored XSS).
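The root cause is the difference between a denylist and an allowlist for upload file names. The following is an added illustration written for this advisory, not Serenity's own code: the extension lists, the `SAFE_NAME` pattern, the `download_headers` helper and the sample file names are all hypothetical. It shows a weak denylist check of the kind the advisory describes letting `.html`/`.htm` through, beside an allowlist check that only accepts the file types the endpoint actually expects, plus the response headers that make even a stray HTML upload download rather than render.

```python
"""Weak denylist vs. hardened allowlist for upload file-name checks.

Illustrative code written for this advisory, not Serenity's own.
All extension lists are hypothetical and chosen only to show the
failure mode: a denylist forgets .html/.htm, an allowlist cannot.
"""
import os
import re

# Hypothetical denylist: bans server-executable types but never
# mentions .html/.htm, which is exactly what the advisory describes.
DENYLISTED_EXTENSIONS = {".exe", ".dll", ".bat", ".cmd", ".aspx", ".ashx", ".config"}

# Hypothetical allowlist for a temporary-upload endpoint that only
# expects documents and images.
ALLOWLISTED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif", ".pdf", ".txt", ".docx", ".xlsx"}

# Base name may only use a conservative character set (no quotes, no
# path separators, no control characters).
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]+\.[A-Za-z0-9]+$")


def denylist_allows(filename: str) -> bool:
    """Weak check: accept anything whose extension is not explicitly banned."""
    ext = os.path.splitext(filename)[1].lower()
    return ext not in DENYLISTED_EXTENSIONS


def allowlist_allows(filename: str) -> bool:
    """Hardened check: accept only a single, known-benign extension.

    Rejects path components ('../x.pdf'), names outside SAFE_NAME, and
    multi-dot names such as 'page.html.png' that could hide a second
    extension from a later consumer.
    """
    base = os.path.basename(filename.replace("\\", "/"))
    if base != filename or not SAFE_NAME.match(base):
        return False
    ext = os.path.splitext(base)[1].lower()
    return ext in ALLOWLISTED_EXTENSIONS


def download_headers(stored_name: str) -> dict[str, str]:
    """Headers for serving an upload so the browser downloads it instead of
    rendering it in the application's origin. stored_name must already have
    passed allowlist_allows(), so it contains no quotes or separators."""
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{stored_name}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "sandbox",
    }


# Constructed sample file names; none come from a real upload.
SAMPLE_UPLOADS = [
    "report.pdf",
    "photo.JPG",
    "payload.html",
    "payload.HTM",
    "payload.html.png",
    "../web.config",
    "tool.exe",
]


def classify(filenames: list[str]) -> dict[str, tuple[bool, bool]]:
    """Map each name to (denylist verdict, allowlist verdict)."""
    return {name: (denylist_allows(name), allowlist_allows(name)) for name in filenames}


if __name__ == "__main__":
    for name, (weak, strong) in classify(SAMPLE_UPLOADS).items():
        print(f"{name:20s} denylist={weak!s:5s} allowlist={strong!s:5s}")
```

Running the block shows `payload.html` and `payload.HTM` passing the denylist and failing the allowlist. The single-extension rule is deliberately strict (it also rejects a legitimate `my.report.pdf`); relaxing it means checking every dotted suffix against the allowlist, never reintroducing a list of "bad" suffixes. Serving uploads with `Content-Disposition: attachment` and `nosniff` is defence in depth: it does not replace the allowlist, but it stops a file that slips through from executing as a page in the application's origin.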
Moderate severity. GitHub Reviewed. Published Apr 27, 2023 to the GitHub Advisory Database. Updated Apr 27, 2023.
Related news
Serenity / StartSharp Software File Upload / XSS / User Enumeration / Reusable Tokens
Serenity and StartSharp Software versions prior to 6.7.1 suffer from file-upload-to-cross-site-scripting, user-enumeration, and reusable-password-reset-token vulnerabilities.