cvedb.io
CVE-2023-31285
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2023-04-27T03:15:10.107 · Last modified 2026-06-17T05:56:43.173

Summary

An XSS issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When users upload temporary files, some specific file endings are not allowed, but it is possible to upload .html or .htm files containing an XSS payload. The resulting link can be sent to an administrator user.

Affected products

serenity — serene

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.