First published: Wed Dec 01 2021
CKAN versions 2.9.0 through 2.9.3 are affected by a stored cross-site scripting (XSS) vulnerability via SVG file upload of a user's profile picture. A low-privileged application user can store malicious script in an SVG uploaded as their profile picture; the script executes in a victim's browser when the victim opens that profile picture.
Credit: vulnerabilitylab@mend.io
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Okfn Ckan | >=2.9.0, <=2.9.3 | |
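The issue described above is the classic SVG-as-avatar problem: SVG is an XML document that may carry script, so treating it as "just an image" lets an uploader store executable content that runs in whoever views it. The following is an added example, not CKAN's own code and not part of the advisory, of the server-side checks that close this class of issue: decide the image type from the uploaded bytes rather than the client-supplied filename or Content-Type, allow only raster formats for profile pictures, and flag SVG documents that contain active content (useful for triaging pictures stored before such a check existed). The function names, the magic-number table and the sample files are constructed for this example.

```python
"""Profile-picture upload guard (added example; not CKAN's own code)."""
import os
import re
from dataclasses import dataclass
from typing import Optional

# Magic numbers for the raster formats a profile picture is allowed to be.
RASTER_MAGIC = {
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
}
ALLOWED_PROFILE_IMAGE_TYPES = frozenset(RASTER_MAGIC.values())
# Extension the stored file must carry for each accepted type, so the served
# Content-Type cannot be steered by a misleading filename.
EXPECTED_EXTENSIONS = {
    "image/png": {".png"},
    "image/jpeg": {".jpg", ".jpeg"},
    "image/gif": {".gif"},
}

# Markers of executable content inside an SVG document (case-insensitive).
ACTIVE_SVG_PATTERNS = (
    re.compile(rb"<\s*script\b", re.I),         # <script> elements
    re.compile(rb"\bon[a-z]+\s*=", re.I),       # onload=, onclick=, ... handlers
    re.compile(rb"javascript\s*:", re.I),       # javascript: URLs in href/xlink:href
    re.compile(rb"<\s*foreignObject\b", re.I),  # embedded HTML inside the SVG
)


def sniff_image_type(data: bytes) -> Optional[str]:
    """Return the MIME type implied by the bytes themselves, or None if unknown."""
    for magic, mime in RASTER_MAGIC.items():
        if data.startswith(magic):
            return mime
    # SVG is XML text: inspect the (BOM-stripped) head of the file, not the extension.
    head = data[3:] if data.startswith(b"\xef\xbb\xbf") else data
    head = head.lstrip()[:1024].lower()
    if b"<svg" in head:
        return "image/svg+xml"
    if head.startswith((b"<?xml", b"<!doctype", b"<html")):
        return "text/markup"  # some other markup document; also not an image
    return None


def svg_has_active_content(data: bytes) -> bool:
    """True if an SVG document carries script, event handlers or javascript: URLs."""
    return any(p.search(data) for p in ACTIVE_SVG_PATTERNS)


@dataclass
class UploadDecision:
    accepted: bool
    detected_type: Optional[str]
    reason: str


def validate_profile_picture(filename: str, declared_type: str, data: bytes) -> UploadDecision:
    """Accept only raster images whose bytes, declared type and extension all agree."""
    detected = sniff_image_type(data)
    if detected is None:
        return UploadDecision(False, None, "unrecognised file content")
    if detected == "image/svg+xml":
        # SVG is rejected outright for profile pictures; record whether it was also active.
        suffix = " (contains active content)" if svg_has_active_content(data) else ""
        return UploadDecision(False, detected, "SVG not allowed for profile pictures" + suffix)
    if detected not in ALLOWED_PROFILE_IMAGE_TYPES:
        return UploadDecision(False, detected, f"{detected} is not an allowed image type")
    if declared_type.lower() != detected:
        # Client metadata disagrees with the bytes: distrust the client, not the sniffer.
        return UploadDecision(False, detected, f"declared {declared_type!r} but content is {detected}")
    ext = os.path.splitext(filename)[1].lower()
    if ext not in EXPECTED_EXTENSIONS[detected]:
        return UploadDecision(False, detected, f"extension {ext!r} does not match {detected}")
    return UploadDecision(True, detected, "ok")


# Constructed sample uploads (not real files from any site).
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLE_SVG_PLAIN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
SAMPLE_SVG_ACTIVE = (b'<?xml version="1.0"?>\n<svg xmlns="http://www.w3.org/2000/svg">'
                     b'<script>/* constructed marker */</script></svg>')

if __name__ == "__main__":
    cases = [
        ("avatar.png", "image/png", SAMPLE_PNG),
        ("avatar.svg", "image/svg+xml", SAMPLE_SVG_ACTIVE),
        ("avatar.png", "image/png", SAMPLE_SVG_ACTIVE),  # SVG disguised as PNG
        ("avatar.svg", "image/svg+xml", SAMPLE_SVG_PLAIN),
    ]
    for name, mime, blob in cases:
        print(name, validate_profile_picture(name, mime, blob))
```

The content sniffer is what matters: a filename of `avatar.png` with SVG bytes is still rejected, and an SVG is refused whether or not it currently contains script, since an inert SVG today can be swapped for an active one later under the same accepted type. `svg_has_active_content` is the triage half, meant for scanning an existing upload directory for pictures accepted before the check was in place.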