CVE-2024-5279
LOWQiwen Netdisk <1.4.0 - XSS
Title source: llmDescription
A vulnerability was found in Qiwen Netdisk up to 1.4.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component File Rename Handler. The manipulation with the input <img src="" onerror="alert(document.cookie)"> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266083.
Exploits (1)
Scores
CVSS v3
3.5
EPSS
0.0014
EPSS Percentile
33.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (5)
Qiwen/Netdisk
1.0
Qiwen/Netdisk
1.1
Qiwen/Netdisk
1.2
Qiwen/Netdisk
1.3
Qiwen/Netdisk
1.4
Published
May 23, 2024
Tracked Since
Feb 18, 2026