Unrated severityNVD Advisory· Published Apr 6, 2021· Updated Aug 3, 2024
CVE-2021-30140
CVE-2021-30140
Description
LiquidFiles 3.4.15 has stored XSS through the "send email" functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML / JavaScript content (such as SVG with HTML content), the payload is executed upon a click. This is fixed in 3.5.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- LiquidFiles/LiquidFilesdescription
- Range: <=3.4.15
Patches
Vulnerability mechanics
References
5- packetstormsecurity.com/files/167228/LiquidFiles-3.4.15-Cross-Site-Scripting.htmlmitrex_refsource_MISC
- seclists.org/fulldisclosure/2022/May/41mitremailing-listx_refsource_FULLDISC
- gist.github.com/rodnt/9f7d368fac38cafa7334598ec94fb167mitrex_refsource_MISC
- liquidfiles.com/support.htmlmitrex_refsource_MISC
- www.tempest.com.brmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.