Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to Stored Cross-Site Scripting (XSS), via the file upload functionality. A low privileged user will be able to share a file with an admin user, which could lead to privilege escalation.
References
Link | Resource |
---|---|
https://www.mend.io/vulnerability-database/CVE-2022-32167 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Mend
Published: 2022-09-20T14:45:19
Updated: 2022-09-20T14:45:19
Reserved: 2022-05-31T00:00:00
Link: CVE-2022-32167
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-09-20T15:15:10.557
Modified: 2022-09-21T19:21:10.017
Link: CVE-2022-32167
JSON object: View
Redhat Information
No data.
CWE