October 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaScript to the target system. If the file is accessed through the website, this could lead to a Cross-Site Scripting (XSS) attack or to the execution of arbitrary code against the target via crafted JavaScript.
{ "nvd_published_at": "2024-10-02T20:15:11Z", "cwe_ids": [ "CWE-434", "CWE-79" ], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2024-10-02T22:35:21Z" }