Stefanprodan: >> Podinfo >> 3.1.0 Security Vulnerabilities
Arbitrary File Upload in podinfo thru 6.9.0 allows unauthenticated attackers to upload arbitrary files via crafted POST request to the /store endpoint. The application renders uploaded content without a restrictive Content-Security-Policy (CSP) or adequate Content-Type validation, leading to Stored Cross-Site Scripting (XSS).
CVSS Score
6.1
EPSS Score
0.0
Published
2026-02-03