Arbitrary Code Execution via Reflected Cross-Site Scripting (XSS) in dmpop Mejiro Commit Versions Prior To 3096393

Arbitrary Code Execution via Reflected Cross-Site Scripting (XSS) in dmpop Mejiro Commit Versions Prior To 3096393

CVE-2023-46448 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reflected Cross-Site Scripting (XSS) vulnerability in dmpop Mejiro Commit Versions Prior To 3096393 allows attackers to run arbitrary code via crafted string in metadata of uploaded images.

Learn more about our Web Application Penetration Testing UK.