CVE-2024-50637

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-50637

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50637.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-50637

Aliases

GHSA-hv6m-qj65-26q3

Published

2024-11-06T17:15:20Z

Modified

2025-07-01T16:09:37.685572Z

Summary

[none]

Details

UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting (XSS) in the Create User function. This allows attackers to perform XSS via an SVG document, which can be used to steal cookies.

References

https://github.com/unopim/unopim/issues/41
https://github.com/yamerooo123/ResearchNBugBountyEncyclopedia/blob/main/Researches/Unopim/Findings.md
https://github.com/unopim/unopim/releases/tag/v0.1.4

Affected packages

Git / github.com/unopim/unopim

Affected ranges

Type: GIT
Repo: https://github.com/unopim/unopim
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b6a4afce7970f9c47d8e50b0a9fd1d5640fda546

Affected versions

v0.*

v0.1.0

v0.1.1

v0.1.2

v0.1.3