CVE-2017-10975

MEDIUM

Lutim < 0.7.1 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Lutim before 0.8 might allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in an upload notification and in the myfiles component, if the attacker can convince the victim to proceed with an upload despite the appearance of an XSS payload in the filename.

References (1)

[Exploit, Third Party Advisory] https://framagit.org/luc/lutim/issues/40

Scores

CVSS v3 6.1

EPSS 0.0022

EPSS Percentile 44.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

lutim_project/lutim < 0.7.1

n/a/n/a

Published Jul 06, 2017

Tracked Since Feb 18, 2026