CVE-2024-53617

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-53617

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-53617.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-53617

Published

2024-12-02T19:15:10Z

Modified

2025-10-22T05:33:50.529643Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to takeover any account via uploading an HTML file on behalf of the admin user using IDOR in file upload.

References

https://github.com/LibrePhotos/librephotos/commit/32237ddc0b6293a69b983a07b5ad462fcdd6c929
https://github.com/LibrePhotos/librephotos/pull/1476
https://github.com/ii5mai1/CVE-2024-53617

Affected packages

Git / github.com/librephotos/librephotos

Affected ranges

Type: GIT
Repo: https://github.com/librephotos/librephotos
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

32237ddc0b6293a69b983a07b5ad462fcdd6c929

CVE-2024-53617

Affected packages

Git / github.com/librephotos/librephotos

Affected ranges

Affected versions

0.*

v0.*