CVE-2024-53617

MEDIUM

LibrePhotos <commit 32237 - XSS

Title source: llm

Description

A cross-site scripting (XSS) vulnerability in LibrePhotos before commit 32237 allows attackers to take over any account by uploading an HTML file on behalf of the admin user, using an IDOR in file upload.

Exploits (1)

nomisec WORKING POC
by ii5mai1 · poc
https://github.com/ii5mai1/CVE-2024-53617

Scores

CVSS v3 4.8
EPSS 0.0529
EPSS Percentile 90.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-639 CWE-79
Status published
Published Dec 02, 2024
Tracked Since Feb 18, 2026