Exploit Title: [There is a PDF XSS vulnerability in file upload function of CuteHttpFileServer] Google Dork: [CuteHttpFileServer] Date: [December 5th, 2023] Exploit Author: [zhongdongxu] Vendor Homepage: [http://iscute.cn/chfs] Software Link: [https://github.com/ods-im/CuteHttpFileServer] Version: [CuteHttpFileServer/v1.0 - CuteHttpFileServer/v2.0] Tested on: [windows/remote] CVE : [CVE-2023-50639] detail: for example, File upload function is here. I uploaded a PDF with malicious code. When the user opens it in Google Chrome,the code will be triggered. PDF file for uploading. result1.pdf The URL with vulnerabilities were replied to in the email,thank you!
