XSS vulnerability in OpenPLC 3 via SVG document as profile picture
CVE-2024-37741

5.4MEDIUM

Key Information:

Vendor: OpenPLC
Status: Openplc V3 Firmware
Vendor: CVE Published:; 28 June 2024

What is CVE-2024-37741?

OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a profile picture.

References

https://github.com/thiagoralves/OpenPLC_v3/issues/242

https://github.com/thiagoralves/OpenPLC_v3/blob/9cd8f1b53...

https://1d8.github.io/cves/cve_2024_37741/

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 28, 2024
Vulnerability Reserved
Jun 10, 2024

.