Moderate severityNVD Advisory· Published Nov 6, 2024· Updated Nov 7, 2024

CVE-2024-50637

Description

UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting (XSS) in the Create User function. This allows attackers to perform XSS via an SVG document, which can be used to steal cookies.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
unopim/unopimPackagist	< 0.1.4	0.1.4

Affected products

UnoPim/UnoPimcpe-rescue
ghsa-coords
pkg:composer/unopim/unopim
Range: < 0.1.4

Patches

Vulnerability mechanics

References

github.com/advisories/GHSA-hv6m-qj65-26q3ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-50637ghsaADVISORY
github.com/unopim/unopim/issues/41ghsaWEB
github.com/unopim/unopim/releases/tag/v0.1.4ghsaWEB
github.com/yamerooo123/ResearchNBugBountyEncyclopedia/blob/main/Researches/Unopim/Findings.mdghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000