Medium severity6.1NVD Advisory· Published Nov 20, 2024· Updated Jun 17, 2026
CVE-2024-52597
CVE-2024-52597
Description
2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Versions prior to 5.4.1 are vulnerable to stored cross-site scripting due to improper headers in direct access to uploaded SVGs. The application allows uploading images in several places. One of the accepted types of image is SVG, which allows JS scripting. Therefore, by uploading a malicious SVG which contains JS code, an attacker which is able to drive a victim to the uploaded image could compromise that victim's session and access to their tokens. Version 5.4.1 contains a patch for the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Bubka/2FAuthv5Range: < 5.4.1
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.