cvedb.io
CVE-2024-52305
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2024-11-13T16:15:20.473 · Last modified 2026-06-17T08:06:58.763

Summary

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. A vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. An attacker can upload a malicious SVG file containing an embedded script. When the profile image is accessed, the embedded script executes, leading to the potential theft of session cookies. This vulnerability is fixed in 0.1.5.

Affected products

webkul — unopim

Does this affect you?

Add your gear to cvedb and we'll alert you only when webkul ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.