Skip to main content

Quickdrop

1 CVEs product

Monthly

CVE-2026-35608 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) in QuickDrop prior to version 1.5.3 allows unauthenticated remote attackers to execute arbitrary JavaScript in the context of the application domain by uploading a malicious SVG file via the file upload endpoint and triggering execution when any user views the file preview. The vulnerability requires user interaction (viewing the preview) but no authentication, making it moderately exploitable in multi-user deployment scenarios where file sharing is expected functionality.

XSS Quickdrop
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Stored cross-site scripting (XSS) in QuickDrop prior to version 1.5.3 allows unauthenticated remote attackers to execute arbitrary JavaScript in the context of the application domain by uploading a malicious SVG file via the file upload endpoint and triggering execution when any user views the file preview. The vulnerability requires user interaction (viewing the preview) but no authentication, making it moderately exploitable in multi-user deployment scenarios where file sharing is expected functionality.

XSS Quickdrop
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy