CVE-2023-31285

MEDIUM

Serenity Serene <6.7.0 - XSS

Title source: llm

Description

An XSS issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When users upload temporary files, some specific file endings are not allowed, but it is possible to upload .html or .htm files containing an XSS payload. The resulting link can be sent to an administrator user.

Scores

CVSS v3 6.1
EPSS 0.0090
EPSS Percentile 75.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (4)
nuget/Serenity.Net.Core 0 - 6.7.0 (NuGet)
nuget/Serenity.Net.Services 0 - 6.7.0 (NuGet)
serenity/serene < 6.7.0
serenity/startsharp < 6.7.0
Published Apr 27, 2023
Tracked Since Feb 18, 2026