CVE-2024-37741 Information

Description

OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a profile picture.

Reference

https://github.com/thiagoralves/OpenPLC_v3/issues/242 https://github.com/thiagoralves/OpenPLC_v3/blob/9cd8f1b53a50f9d38708096bfc72bcbb1ef47343/webserver/pages.py#L992 https://1d8.github.io/cves/cve_2024_37741/