A vulnerability allowed authenticated users (Author+) to upload malicious SVG files or inject scripts during site imports, leading to stored XSS. Attackers could execute JavaScript in visitors’ browsers.

This vulnerability affects the following application versions:

  • Starter Templates – AI-Powered Templates 0.4.4.0
  • Starter Templates – AI-Powered Templates 4.2.2
  • Starter Templates – AI-Powered Templates 4.2.3
  • Starter Templates – AI-Powered Templates 4.2.4
  • Starter Templates – AI-Powered Templates 4.2.5
  • Starter Templates – AI-Powered Templates 4.2.6
  • Starter Templates – AI-Powered Templates 4.3.0
  • Starter Templates – AI-Powered Templates 4.3.1
  • Starter Templates – AI-Powered Templates 4.3.2
  • Starter Templates – AI-Powered Templates 4.3.3
  • Starter Templates – AI-Powered Templates 4.3.4
  • Starter Templates – AI-Powered Templates 4.3.5
  • Starter Templates – AI-Powered Templates 4.3.6
  • Starter Templates – AI-Powered Templates 4.3.7
  • Starter Templates – AI-Powered Templates 4.3.8
  • Starter Templates – AI-Powered Templates 4.3.9
  • Starter Templates – AI-Powered Templates 4.4.0

Skriv et svar

Din e-mailadresse vil ikke blive publiceret. Krævede felter er markeret med *