dutchcoders Transfer.sh versions 1.4.0 and prior are vulnerable to Cross Site Scripting (XSS) via a malicious document uploaded in transfer.sh. There is a fix commit merged into main for this issue, but an updated version has not yet been released.
{ "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-10-01T01:01:50Z", "nvd_published_at": "2022-09-29T16:15:00Z", "cwe_ids": [ "CWE-79" ] }