Cloudreve - Stored XSS
CVE-2022-32167

5.4MEDIUM

Key Information:

Vendor

Cloudreve

Status
Vendor
CVE Published:
20 September 2022

What is CVE-2022-32167?

Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to Stored Cross-Site Scripting (XSS), via the file upload functionality. A low privileged user will be able to share a file with an admin user, which could lead to privilege escalation.

Affected Version(s)

Cloudreve 3.0.0-beta

Cloudreve <= 3.5.3

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Daniel Elkabes
.