Primary

Context

DumbDrop DOM-Based Cross-Site Scripting Vulnerability in File Upload Feature

Vulnerability

A DOM-based cross-site scripting vulnerability has been identified in DumbDrop, a file upload application, within the upload functionality prior to the fix implemented in commit db27b25372eb9071e63583d8faed2111a2b79f1b. This vulnerability allows a user to be deceived into uploading a file containing a malicious payload.

Impact

Exploitation of this vulnerability allows for DOM-based cross-site scripting, where an uploaded file can execute scripts in the context of the user's browser.

Reproduction

To reproduce this vulnerability, upload a file named with a .csv extension that includes a payload designed to execute JavaScript, such as an image tag with an 'onerror' event. The uploaded file will trigger the script execution, demonstrating the cross-site scripting vulnerability.

Remediation

Users should update to the latest version of DumbDrop, where this vulnerability has been fixed.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

7.5

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

7.5

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

DumbDrop DOM-Based Cross-Site Scripting Vulnerability in File Upload Feature

Vulnerability

Impact

Reproduction

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating