76 matches found
ONLYOFFICE Docs (DocumentServer) - Reflected Cross-Site Scripting
ONLYOFFICE Docs DocumentServer <= 8.3.1 contains a reflected XSS caused by improper sanitization of crafted HTTP POST requests via the WOPI protocol, letting attackers inject malicious scripts that are reflected in the HTML response; exploitation requires crafted POST requests. id: CVE-2025-5301 info: name:...
CVE-2026-5301
This CVE affects CoolerControl/coolercontrol-ui prior to version 4.0.0, where a stored XSS in the log viewer could be exploited by unauthenticated attackers via poisoned log entries. The root cause is unvalidated/unsanitized user input rendered in the log viewing functionality, enabling JavaScript exec...
CVE-2026-5301
| creationtimestamp | type | source |
|---|---|---|
| 2026-04-08 04:16:43+00:00 | seen | https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-5301 |
| 2026-04-08 14:47:58+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3miyjy73k7v2g |
| 2026-04-08 15:16:22+00:00 | seen | ... |
CVE-2025-5301
| creationtimestamp | type | source |
|---|---|---|
| 2025-06-12 08:33:32+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/18154 |
| 2025-06-12 09:08:30+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lrfl4yrqxp25 |
| 2025-12-04 09:54:41+00:00 | confirmed | ... |
CVE-2025-5301
ONLYOFFICE Docs DocumentServer versions equal to and below 8.3.1 are affected by a reflected cross-site scripting (XSS) issue when opening files via the WOPI protocol. Attackers could inject malicious scripts via crafted HTTP POST requests, which are then reflected in the server's HTML response...
CVE-2025-5301 Reflected Cross-Site Scripting in ONLYOFFICE Docs (DocumentServer)
ONLYOFFICE Docs DocumentServer versions equal to and below 8.3.1 are affected by a reflected cross-site scripting (XSS) issue when opening files via the WOPI protocol. Attackers could inject malicious scripts via crafted HTTP POST requests, which are then reflected in the server's HTML response...
Linux Distros Unpatched Vulnerability : CVE-2015-5301
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.2 and 1.1.x before 1.1.1 does not properly check permissions, which...
CVE-2024-5301
Kofax Power PDF PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must...
CVE-2024-5301
CVE-2024-5301 affects Kofax Power PDF. The flaw is in PSD file parsing, where the length of user-supplied data is not properly validated before copying into a fixed-length heap-based buffer, enabling remote code execution when a user opens a malicious PSD file or visits a malicious page. Exploita...
CVE-2024-5301 Kofax Power PDF PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
Kofax Power PDF PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must...
MAL-2024-648 Malicious code in wlwz-2312-5301 (npm)
Source: ghsa-malware (86163aecf0ef7f4d9e376d7d04d9874fe1b30306d89b5a85b05c75740fb24a7f). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in wlwz-2312-5301 (npm)
Source: ghsa-malware (86163aecf0ef7f4d9e376d7d04d9874fe1b30306d89b5a85b05c75740fb24a7f). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Ubuntu 16.04 ESM : libtorrent vulnerability (USN-4790-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-4790-1 advisory. It was discovered that libtorrent incorrectly handled chunked headers. A remote attacker could possibly use this to cause a crash resulting in a denial of service...
CVE-2023-5301
| creationtimestamp | type | source |
|---|---|---|
| 2023-09-30 23:19:25+00:00 | seen | https://t.me/cibsecurity/71360... |
CVE-2023-5301
CVE-2023-5301 affects DedeCMS 5.7.111, where the AddMyAddon function in album_add.php is vulnerable due to improper handling of the albumUploadFiles parameter, enabling OS command injection. The vulnerability is exploitable remotely and, per multiple sources, can lead to arbitrary command executi...
CVE-2023-5301 DedeCMS album_add.php AddMyAddon os command injection
A vulnerability classified as critical was found in DedeCMS 5.7.111. This vulnerability affects the function AddMyAddon of the file album_add.php. The manipulation of the argument albumUploadFiles leads to OS command injection. The attack can be initiated remotely. The exploit has been disclosed t...
USN-5301-1: Cyrus SASL vulnerability | Cloud Foundry
Severity: High. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 18.04. Description: It was discovered that the Cyrus SASL SQL plugin incorrectly handled SQL input. A remote attacker could use this issue to execute arbitrary SQL commands. CVEs contained in this USN include: CVE-2022-24407...
Ubuntu: Security Advisory (USN-5301-1)
The remote host is missing an update for the...
CVE-2020-5301
SimpleSAMLphp before 1.18.6 exposes source code of module files when a request ends with .PHP on case-insensitive filesystems (e.g., Windows) due to a faulty .php check; this enables information disclosure of private/sensitive module source. The issue is fixed in version 1.18.6. Affected/related ...
CVE-2016-11041
An issue was discovered on Samsung mobile devices with KK(4.4) software. Attackers can bypass the lockscreen by sending an AT command over USB. The Samsung ID is SVE-2015-5301 (June 2016)...