Cp0204 Quark-Auto-Save vulnerabilities
2 known vulnerabilities affecting cp0204/quark-auto-save.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2026-45229P2HIGHCVSS 8.8fixed in 0.8.52026-05-13
CVE-2026-45229 [HIGH] CWE-915 CVE-2026-45229: Quark Drive before 0.8.5 contains a mass assignment vulnerability in the POST /update endpoint that
Quark Drive before 0.8.5 contains a mass assignment vulnerability in the POST /update endpoint that allows authenticated attackers to overwrite administrator credentials by posting an arbitrary webui object to the config_data dictionary. Attackers can exploit insufficient deny-list filtering to permanently replace stored login credentials, lock out leg
nvd
CVE-2026-45228P4MEDIUMCVSS 5.4fixed in 0.8.52026-05-13
CVE-2026-45228 [MEDIUM] CWE-79 CVE-2026-45228: Quark Drive before 0.8.5 contains a stored cross-site scripting vulnerability in the System Configur
Quark Drive before 0.8.5 contains a stored cross-site scripting vulnerability in the System Configuration page where the template renders push_config key names using Vue.js's v-html directive without escaping. Authenticated attackers can inject HTML or JavaScript payloads as key names through the POST /update endpoint, which are persisted to disk and
nvd