Dutchoders transfer.sh contains an XSS vulnerability via malicious file upload
Moderate severity
GitHub Reviewed
Published
Sep 30, 2022
to the GitHub Advisory Database
•
Updated Jan 27, 2023
Description
Published by the National Vulnerability Database
Sep 29, 2022
Published to the GitHub Advisory Database
Sep 30, 2022
Reviewed
Oct 1, 2022
Last updated
Jan 27, 2023
dutchcoders Transfer.sh versions 1.4.0 and prior are vulnerable to Cross Site Scripting (XSS) via a malicious document uploaded in transfer.sh. There is a fix commit merged into main for this issue, but an updated version has not yet been released.
References