What the vulnerability does
Description
Unrestricted Upload of File with Dangerous Type vulnerability in Ability, Inc Accessibility Suite online-accessibility allows Stored XSS. This issue affects Accessibility Suite: from n/a through <= 4.18.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Explanation of Vulnerability in Simple Terms
Ability, Inc Accessibility Suite versions 4.18 and earlier allow authenticated users to upload files without proper validation. An attacker with low-level access can upload malicious files that may affect the confidentiality, integrity, or availability of the site. User interaction is required to trigger the upload. The scope of impact extends beyond the vulnerable component.
What an attacker can do
Upload files without validation to compromise site confidentiality, integrity, or availability.
Potential impact on your site
Malicious files uploaded by attackers with low privileges could compromise your site's data or functionality.
Conditions required to exploit
Attacker must have low-level authenticated access and trick a user into visiting a malicious page.