CVE-2024-53617

4.8 MEDIUM
Published: December 02, 2024 Modified: April 15, 2026
View on NVD

Description

A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to takeover any account via uploading an HTML file on behalf of the admin user using IDOR in file upload.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/LibrePhotos/librephotos/commit/32237ddc0b6293a69b983a07b5ad462fcdd6c929
Source: cve@mitre.org
https://github.com/LibrePhotos/librephotos/pull/1476
Source: cve@mitre.org
https://github.com/ii5mai1/CVE-2024-53617
Source: cve@mitre.org

3 reference(s) from NVD

Quick Stats

CVSS v3 Score
4.8 / 10.0
EPSS (Exploit Probability)
4.0%
88th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-79 CWE-639

Related CVEs

CVE-2026-6569 7.3
CVE-2026-6568 7.3
CVE-2026-6564 4.3
CVE-2026-6563 8.8
CVE-2026-6562 7.3