Description
An issue was discovered in ZrLog 2.0.3. There is stored XSS in the file upload area via a crafted attached/file/ pathname.
Remediation
References
https://github.com/94fzb/zrlog/issues/39
Related Vulnerabilities
CVE-2020-36049 Vulnerability in npm package socket.io-parser
CVE-2018-15685 Vulnerability in maven package org.webjars.npm:electron
CVE-2023-26487 Vulnerability in npm package vega
CVE-2020-8127 Vulnerability in npm package reveal.js
CVE-2022-1330 Vulnerability in maven package org.webjars.bower:fullpage.js