CVE-2022-36303 Information

Description

Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the handle_file_upload function at /web/api/v1/upload/UploadHandler.php.

Reference

https://github.com/serghey-rodin/vesta/issues/2252