MEDIUM🇵🇱 Wersja polska

CVE-2021-44043

CVSS 5.4v3.1pub. 2021-12-14upd. 2024-11-21

An issue was discovered in UiPath App Studio 21.4.4. There is a persistent XSS vulnerability in the file-upload functionality for uploading icons when attempting to create new Apps. An attacker with minimal privileges in the application can build their own App and upload a malicious file containing an XSS payload, by uploading an arbitrary file and modifying the MIME type in a subsequent HTTP request. This then allows the file to be stored and retrieved from the server by other users in the same organization.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
  • Uipath App Studio

    APP
    Uipath
    21.4.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2021-44041CRITICAL9.8ten sam vendor

UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --de...

CVE-2021-44042CRITICAL9.8ten sam vendor

An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the --process-start argum...

CVE-2018-17305HIGH8.8ten sam vendor

UiPath Orchestrator through 2018.2.4 allows any authenticated user to change the information of arbitrary user...

CVE-2018-19855MEDIUM5.5ten sam vendor

UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and T...