Reportedly, OpenBB is affected by an arbitrary avatar file upload vulnerability. The issue is due to the application's failure to restrict the types of files that can be uploaded. A malicious user whose avatar file is displayed with their posts may be able to have arbitrary client-side script executed in an unsuspecting user's browser in the context of the affected website, facilitating HTML injection. This may lead to theft of cookie-based authentication credentials, as well as other attacks.
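The missing check, sketched as an added example (not OpenBB's code): the server decides the file type from the uploaded bytes, never from the client-supplied name or MIME type, and serves the result under a server-chosen name with a fixed Content-Type. The function names, the size limit, and the allowed formats are assumptions made for illustration.

```python
# Added example: server-side avatar validation by content, not by file name.
import secrets

MAX_AVATAR_BYTES = 100 * 1024  # assumed limit, not a value from the advisory

# Magic bytes of the only accepted formats -> (stored extension, Content-Type)
SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", ("png", "image/png")),
    (b"\xff\xd8\xff", ("jpg", "image/jpeg")),
    (b"GIF87a", ("gif", "image/gif")),
    (b"GIF89a", ("gif", "image/gif")),
]

# Coarse heuristic for image/HTML polyglots; re-encoding the image is stronger.
MARKUP_MARKERS = (b"<script", b"<html", b"<svg", b"<iframe", b"<body")


class RejectedUpload(ValueError):
    """Raised when an upload must not be stored as an avatar."""


def validate_avatar(data: bytes) -> dict:
    """Return storage name and response headers, or raise RejectedUpload."""
    if not data or len(data) > MAX_AVATAR_BYTES:
        raise RejectedUpload("empty or oversized upload")
    meta = next((m for sig, m in SIGNATURES if data.startswith(sig)), None)
    if meta is None:
        raise RejectedUpload("content is not an allowed image type")
    if any(marker in data.lower() for marker in MARKUP_MARKERS):
        raise RejectedUpload("image carries embedded markup")
    ext, content_type = meta
    return {
        # Server-chosen name: the client's file name and extension are ignored.
        "stored_name": f"{secrets.token_hex(16)}.{ext}",
        "headers": {
            "Content-Type": content_type,
            "X-Content-Type-Options": "nosniff",  # stop browser type sniffing
        },
    }


def is_accepted(data: bytes) -> bool:
    """Convenience wrapper: True when validate_avatar() would store the file."""
    try:
        validate_avatar(data)
        return True
    except RejectedUpload:
        return False
```
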