CVE-2023-26771
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Oct 4, 2024
Updated: Oct 7, 2024
CWE ID 79
Summary
CVE-2023-26771 is a Cross-Site Scripting (XSS) vulnerability affecting Taskcafe version 0.3.2. The issue lies in the lack of file type validation during SVG profile picture uploads. An authenticated attacker can exploit this flaw by uploading a malicious SVG file containing an XSS payload. When a victim opens the uploaded file, their browser may execute the attacker's code.
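A server-side check of the kind this class of bug calls for, as an added example that is not Taskcafe's code or its fix: the upload is classified by its leading bytes against a raster-only allowlist, so an SVG is refused whatever its filename or declared type. The helper name `ValidateAvatar`, the allowlist and the sample inputs are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
)

// Assumed policy: raster formats only. SVG is left out because it is XML
// that browsers render with script support when opened directly.
var allowedAvatarTypes = map[string]string{
	"image/png":  ".png",
	"image/jpeg": ".jpg",
	"image/gif":  ".gif",
}

var ErrUnsupportedAvatar = errors.New("unsupported profile picture type")

// ValidateAvatar (hypothetical helper) classifies an upload by its leading
// bytes and ignores the client-supplied filename and Content-Type header.
// It returns the MIME type and extension the server should store and serve.
func ValidateAvatar(data []byte) (string, string, error) {
	sniffed := http.DetectContentType(data) // looks at up to 512 bytes
	ext, ok := allowedAvatarTypes[sniffed]
	if !ok {
		return "", "", ErrUnsupportedAvatar
	}
	return sniffed, ext, nil
}

// Constructed sample inputs: a PNG signature with filler, and inert SVG documents.
var (
	samplePNG = []byte("\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR")
	sampleSVG = []byte(`<svg xmlns="http://www.w3.org/2000/svg" width="1" height="1"></svg>`)
	sampleXML = []byte(`<?xml version="1.0"?><svg xmlns="http://www.w3.org/2000/svg"></svg>`)
)

func main() {
	// "renamed.png" shows that the filename plays no part in the decision.
	for name, data := range map[string][]byte{"avatar.png": samplePNG, "avatar.svg": sampleSVG, "renamed.png": sampleXML} {
		mime, ext, err := ValidateAvatar(data)
		fmt.Printf("%-12s mime=%q ext=%q err=%v\n", name, mime, ext, err)
	}
}
```

When serving stored pictures, send the validated MIME type as `Content-Type` together with `X-Content-Type-Options: nosniff` so the browser does not reinterpret the file.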