CVE-2024-28434

Sažetak

The CRM platform Twenty is vulnerable to stored cross site scripting via file upload in version 0.3.0. A crafted svg file can trigger the execution of the javascript code.

Reference

https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-28434
https://github.com/twentyhq/twenty
https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-28434
https://github.com/twentyhq/twenty

CVSS

Base:	7.6
Impact:	4.7
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	HIGH	LOW

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L

Zadnje važnije ažuriranje

18-09-2025 - 16:40

Objavljeno

25-03-2024 - 14:15