CVE-2024-50637 Information

Description

UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting (XSS) in the Create User function. ¶¶ The vulnerability allows attackers to perform XSS in SVG file extension which can be used to stealing cookies.

Reference

https://github.com/unopim/unopim/issues/41 https://github.com/unopim/unopim/releases/tag/v0.1.4 https://github.com/yamerooo123/ResearchNBugBountyEncyclopedia/blob/main/Researches/Unopim/Findings.md