Overview
- Description
- UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. A vulnerability exists in the Create User process, which allows a new admin account to be created with an optional profile image upload. An attacker can upload a malicious SVG file containing an embedded script. When the profile image is accessed, the embedded script executes, potentially leading to the theft of session cookies. This vulnerability is fixed in 0.1.5.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
Risk scores
CVSS 3.1
- Type
- Secondary
- Base score
- 6.5
- Impact score
- 2.5
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
- Severity
- MEDIUM
Weaknesses
- security-advisories@github.com
- CWE-616
Social media
CVE-2024-52305 SVG XSS Vulnerability in UnoPim Allows Admin Session Hijacking UnoPim is a free Product Information Management system. It uses the Laravel framework. There is a vulnerability in the Create User pro... https://t.co/BSnZjY3G7z
@VulmonFeeds
13 Nov 2024
CVE-2024-52305 UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. A vulnerability exists in the Create User process, allowing the c… https://t.co/W3FrNlm4q7
@CVEnew
13 Nov 2024