Cross-Site Scripting (XSS) via SVG Image Upload in ASUSTOR ADM 3.1.1 File Explorer

Cross-Site Scripting (XSS) via SVG Image Upload in ASUSTOR ADM 3.1.1 File Explorer

CVE-2018-12305 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript.

Learn more about our Web Application Penetration Testing UK.