Moderate severityNVD Advisory· Published Apr 27, 2023· Updated Feb 13, 2025
CVE-2023-31285
CVE-2023-31285
Description
An XSS issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When users upload temporary files, some specific file endings are not allowed, but it is possible to upload .html or .htm files containing an XSS payload. The resulting link can be sent to an administrator user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
Serenity.Net.CoreNuGet | < 6.7.0 | 6.7.0 |
Serenity.Net.ServicesNuGet | < 6.7.0 | 6.7.0 |
Affected products
3- Serenity/Serenedescription
- ghsa-coords2 versions
< 6.7.0+ 1 more
- (no CPE)range: < 6.7.0
- (no CPE)range: < 6.7.0
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
7- github.com/advisories/GHSA-93h6-wx7r-mgfpghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-31285ghsaADVISORY
- packetstormsecurity.com/files/172648/Serenity-StartSharp-Software-File-Upload-XSS-User-Enumeration-Reusable-Tokens.htmlghsaWEB
- seclists.org/fulldisclosure/2023/May/14ghsamailing-listWEB
- github.com/serenity-is/Serenity/commit/11b9d267f840513d04b4f4d4876de7823a6e48d2ghsaWEB
- github.com/serenity-is/Serenity/commit/f54e9bfcf8ceb7f26f81a7362349bc1f63251d92ghsaWEB
- github.com/serenity-is/serene/commit/6dce8162f4382badd429a9f0f1470acb64e8c4fdghsaWEB
News mentions
0No linked articles in our index yet.