CVE-2024-37879
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
20/09/2024
Last modified:
01/11/2024
Description
Improper input validation in /admin/config/save in User-friendly SVN (USVN) before v1.0.12 and below allows administrators to execute arbitrary code via the fields "siteTitle", "siteIco" and "siteLogo".
Impact
Base Score 3.x
4.80
Severity 3.x
MEDIUM