9 matches found
CVE-2025-65572
Cross Site Scripting XSS vulnerability in AllskyTeam AllSky v2024.12.0606 allows remote attackers to execute arbitrary code via the 1 config, 2 filename, or 3 extratext parameter to allskySettings.php. When the page is reloaded or when user visits allskySettings.php, the showMessages function in...
CVE-2025-65572
Cross Site Scripting XSS vulnerability in AllskyTeam AllSky v2024.12.0606 allows remote attackers to execute arbitrary code via the 1 config, 2 filename, or 3 extratext parameter to allskySettings.php. When the page is reloaded or when user visits allskySettings.php, the showMessages function in...
CVE-2025-65572
Cross Site Scripting XSS vulnerability in AllskyTeam AllSky v2024.12.0606 allows remote attackers to execute arbitrary code via the 1 config, 2 filename, or 3 extratext parameter to allskySettings.php. When the page is reloaded or when user visits allskySettings.php, the showMessages function in...
CVE-2025-65572
Cross Site Scripting XSS vulnerability in AllskyTeam AllSky v2024.12.0606 allows remote attackers to execute arbitrary code via the 1 config, 2 filename, or 3 extratext parameter to allskySettings.php. When the page is reloaded or when user visits allskySettings.php, the showMessages function in...
CVE-2025-65572
Cross Site Scripting XSS vulnerability in AllskyTeam AllSky v2024.12.0606 allows remote attackers to execute arbitrary code via the 1 config, 2 filename, or 3 extratext parameter to allskySettings.php. When the page is reloaded or when user visits allskySettings.php, the showMessages function in...
CVE-2024-44373
A Path Traversal vulnerability in AllSky v2023.05.01 through v2024.12.0606 allows an unauthenticated attacker to create a webshell and remote code execution via the path, content parameter to /includes/savefile.php...
CVE-2024-44373
A Path Traversal vulnerability in AllSky v2023.05.01 through v2024.12.0606 allows an unauthenticated attacker to create a webshell and remote code execution via the path, content parameter to /includes/savefile.php...
PT-2025-33841
Name of the Vulnerable Software and Affected Versions: AllSky version 2023.05.01 04 Description: A path traversal flaw exists in AllSky version 2023.05.01 04 that allows an unauthenticated attacker to create a webshell and achieve remote code execution. The issue is located in the /includes/save...
CVE-2024-44373
AllSky is affected (versions 2023.05.01 through 2024.12.06_06). A path traversal flaw in /includes/save_file.php, triggered by manipulating the path and content parameters, allows an unauthenticated attacker to write arbitrary files and achieve remote code execution. Root cause: improper sanitiza...