CVE-2024-37741

June 28, 2024, 1:38 p.m.

Tags

cve@mitre.org
2024-06-28
CVE-2024-37741

Product(s) Impacted

OpenPLC

  • 3 through 9cd8f1b

Description

OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a profile picture.

Weaknesses

Date

Published: June 28, 2024, 1:15 p.m.

Last Modified: June 28, 2024, 1:38 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

cve@mitre.org

References

https://1d8.github.io/cves/cve_2024_37741/
cve@mitre.org
https://github.com/thiagoralves/OpenPLC_v3/blob/9cd8f1b53a50f9d38708096bfc72bcbb1ef47343/webserver/pages.py#L992
cve@mitre.org
https://github.com/thiagoralves/OpenPLC_v3/issues/242
cve@mitre.org