GHSA-9C3J-XM6V-J7J3 MantisBT has a Content Security Policy bypass via attachments
Given any pre-existing XSS / HTML injection vulnerability, an attacker can bypass the Content Security Policy's script-src directive by uploading a crafted attachment to any issue that, when accessed via the filedownload.php link, will be downloaded with a valid JavaScript MIME type resulting in...
CVE-2026-42864
FireFighter is an incident management application. Prior to 0.0.54, the POST /api/v2/firefighter/raid/jirabot endpoint CreateJiraBotView is reachable without authentication (permission_classes = permissions.AllowAny). Its attachments payload is fetched server-side via httpx.get with no URL validatio...
CVE-2026-27616 Vikunja Vulnerable to Stored Cross-Site Scripting (XSS) via Unsanitized SVG Attachment Upload Leading to Token Exposure
Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the application allows users to upload SVG files as task attachments. SVG is an XML-based format that supports JavaScript execution through elements such as <script> tags or event handlers like onload. The application...
CVE-2025-67084
The CVE-2025-67084 entry concerns InvoicePlane up to version 1.6.3, where an authenticated file-upload flaw allows uploading arbitrary PHP files into attachments, enabling remote code execution (RCE). Affected component is the file upload handling in attachments; the root cause is not explicitly ...
CVE-2022-50685
A stored cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts via XML file uploads as page attachments or metafiles. Attackers can upload malicious XML files that enable stored XSS, allowing malicious scripts to execute in users' browsers...
PT-2025-44794
Name of the Vulnerable Software and Affected Versions: FairSketch Rise Ultimate Project Manager & CRM version 3.9.4 Description: A remote authenticated user can append comments or upload attachments to tickets for which they lack view or edit authorization. This is due to missing authorization chec...
Cross-site Scripting (XSS)
github.com/usememos/memos is vulnerable to Cross-site Scripting XSS. The vulnerability is due to the application not verifying the content type of uploaded attachments or user avatars and serving the data back as is, which allows an authenticated attacker to inject malicious scripts that execute...
CVE-2025-44594
halo v2.20.17 and before is vulnerable to server-side request forgery SSRF in /apis/uc.api.storage.halo.run/v1alpha1/attachments/-/upload-from-url...
PT-2025-36946
Name of the Vulnerable Software and Affected Versions: halo versions prior to 2.20.17 Description: The software is vulnerable to a server-side request forgery SSRF issue. The vulnerability exists in the /apis/uc.api.storage.halo.run/v1alpha1/attachments/-/upload-from-url API endpoint...
Kiwi TCMS Cross-Site Scripting Vulnerability
Kiwi TCMS is a leading open source test management system for manual and automated testing from Kiwi TCMS Open Source. A cross-site scripting vulnerability exists in Kiwi TCMS versions prior to 12.4 that stems from allowing users to upload attachments to test plans, test cases, etc. To prevent th...
Atlassian Confluence Server Code Issue Vulnerability
Atlassian Confluence Server is the server version of Atlassian Australia's suite of collaboration software with enterprise knowledge management capabilities and support for building an enterprise wiki. A code issue vulnerability exists in Atlassian Confluence Server versions prior to 7.19.9, which...
PT-2023-18552 · Atlassian · Confluence
Name of the Vulnerable Software and Affected Versions: Atlassian Confluence Server affected versions not specified Description: The issue allows remote attackers with read permissions to a page, but not write permissions, to upload attachments. This is due to a Broken Access Control vulnerability...
Halo Code Issue Vulnerability
Halo is a personal blog system for individual developers. A security vulnerability exists in Halo CMS version 1.5.3, which is caused by a file upload issue on the /api/admin/attachments/upload page...
CVE-2022-21477
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite component: Attachments, File Upload. Supported versions that are affected are 12.2.6-12.2.11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
PartKeepr Code Issue Vulnerability
PartKeepr is an inventory management software designed primarily for electronic components. PartKeepr suffers from a server-side request forgery vulnerability, which stems from the fact that the ability to upload attachments using a URL when creating a part does not validate whether a request can ...
Cross-site Scripting
A persistent cross-site scripting XSS issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2021-39268...
CVE-2021-45903
A persistent cross-site scripting XSS issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2021-39268...
PT-2021-24310 · Bitnami +2 · Suitecrm
A persistent cross-site scripting XSS issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2021-39268...