UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting (XSS) in the Create User function.
The vulnerability allows attackers to perform XSS in SVG file extension, which can be used to stealing cookies.
{ "nvd_published_at": "2024-11-06T17:15:20Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-11-06T20:21:56Z" }