CVE-2024-50637

MEDIUM

UnoPim < 0.1.4 - Stored Cross-Site Scripting via SVG Upload in Create User Function

Title source: llm
STIX 2.1

Description

UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting (XSS) in the Create User function. This allows attackers to perform XSS via an SVG document, which can be used to steal cookies.

Scores

CVSS v3 5.4
EPSS 0.0037
EPSS Percentile 29.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (2)
unopim/unopim 0 - 0.1.4Packagist
webkul/unopim < 0.1.4
Published Nov 06, 2024
Tracked Since Feb 18, 2026