Cloudreve - Stored XSS
CVE-2022-32167
5.4MEDIUM
What is CVE-2022-32167?
Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to Stored Cross-Site Scripting (XSS), via the file upload functionality. A low privileged user will be able to share a file with an admin user, which could lead to privilege escalation.
Affected Version(s)
Cloudreve 3.0.0-beta
Cloudreve <= 3.5.3
