Lucene search
K

96 matches found

Prion
Prion
added 2023/12/21 4:15 p.m.19 views

Design/Logic Flaw

A vulnerability was found in automad up to 1.10.9. It has been classified as problematic. This affects the function upload of the file FileCollectionController.php of the component Content Type Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely...

5.8CVSS6.9AI score0.00579EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/12/21 4:0 p.m.32 views

CVE-2023-7036 automad Content Type FileCollectionController.php upload unrestricted upload

A vulnerability was found in automad up to 1.10.9. It has been classified as problematic. This affects the function upload of the file FileCollectionController.php of the component Content Type Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely...

5.8CVSS5.8AI score0.00579EPSS
Exploits1References3
CVE
CVE
added 2023/12/21 4:0 p.m.63 views

CVE-2023-7036

The CVE-2023-7036 entry concerns automad (up to version 1.10.9). The vulnerability resides in the upload function of FileCollectionController.php within the Content Type Handler, enabling unrestricted file uploads. Qualifiers indicate remote initiation and publicly disclosed exploit details. The ...

5.8CVSS5AI score0.00579EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/12/21 3:30 p.m.36 views

Withdrawn Advisory: Stored Cross-site scripting affecting automad/automad

Withdrawn Advisory This advisory has been withdrawn because only the main admin with the highest level of privilege can provide input, and there are no users other than the admin from whom data could be stolen. This link is maintained to preserve external references. Original Description automad ...

5.4CVSS4.3AI score0.0061EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2023/12/21 3:30 p.m.17 views

GHSA-7J9H-CH38-474R Withdrawn Advisory: Stored Cross-site scripting affecting automad/automad

Withdrawn Advisory This advisory has been withdrawn because only the main admin with the highest level of privilege can provide input, and there are no users other than the admin from whom data could be stolen. This link is maintained to preserve external references. Original Description automad ...

2.4CVSS5.2AI score0.0061EPSS
Exploits1References6
OSV
OSV
added 2023/12/21 3:15 p.m.10 views

CVE-2023-7035

A vulnerability was found in automad up to 1.10.9 and classified as problematic. Affected by this issue is some unknown functionality of the file packages\standard\templates\post.php of the component Setting Handler. The manipulation of the argument sitename leads to cross site scripting. The...

5.4CVSS4.1AI score
Exploits0References6
NVD
NVD
added 2023/12/21 3:15 p.m.27 views

CVE-2023-7035

A vulnerability was found in automad up to 1.10.9 and classified as problematic. Affected by this issue is some unknown functionality of the file packages\standard\templates\post.php of the component Setting Handler. The manipulation of the argument sitename leads to cross site scripting. The...

5.4CVSS0.0061EPSS
Exploits1References6
Prion
Prion
added 2023/12/21 3:15 p.m.13 views

Cross site scripting

A vulnerability was found in automad up to 1.10.9 and classified as problematic. Affected by this issue is some unknown functionality of the file packages\standard\templates\post.php of the component Setting Handler. The manipulation of the argument sitename leads to cross site scripting. The...

3.3CVSS6.2AI score0.0061EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/12/21 2:31 p.m.36 views

CVE-2023-7035 automad Setting post.php cross site scripting

A vulnerability was found in automad up to 1.10.9 and classified as problematic. Affected by this issue is some unknown functionality of the file packages\standard\templates\post.php of the component Setting Handler. The manipulation of the argument sitename leads to cross site scripting. The...

4.8CVSS5.3AI score0.0061EPSS
Exploits1References6
CVE
CVE
added 2023/12/21 2:31 p.m.50 views

CVE-2023-7035

Automad (versions up to 1.10.9) is affected by a cross-site scripting flaw in the Setting Handler, specifically in the sitename argument processed by the post.php endpoint under packages/standard/templates/post.php. The issue is triggered by unsanitized input and may be exploitable remotely; mult...

5.4CVSS4.2AI score0.0061EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/21 12:0 a.m.4 views

PT-2023-32846 · Automad · Automad

Name of the Vulnerable Software and Affected Versions: automad versions up to 1.10.9 Description: A vulnerability was found in the User Creation Handler component, affecting the processing of the file "/dashboard?controller=UserCollection::createUser". This issue leads to cross-site request...

6.5CVSS6.7AI score0.00392EPSS
Exploits1References9
CNNVD
CNNVD
added 2023/12/21 12:0 a.m.4 views

Automad Code Injection Vulnerability

Automad is a flat file content management system and template engine by Marc Anton Dahmen, an individual developer. A code injection vulnerability exists in Automad 1.10.9 and earlier versions, which stems from a stored cross-site scripting XSS vulnerability in the parameter sitename of the file...

5.4CVSS6.2AI score0.0061EPSS
Exploits1References8
CNNVD
CNNVD
added 2023/12/21 12:0 a.m.3 views

automad Code Issues Vulnerabilities

automad is a flat file content management system and template engine. A code issue vulnerability exists in automad 1.10.9 and earlier versions, which stems from a Server Request Forgery SSRF vulnerability in the function import in the file FileController.php...

8.8CVSS7AI score0.00708EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/12/21 12:0 a.m.4 views

PT-2023-32843 · Automad · Automad

Name of the Vulnerable Software and Affected Versions: automad versions up to 1.10.9 Description: A vulnerability was found in automad, allowing for cross-site scripting due to the manipulation of the sitename argument. This issue affects some unknown functionality of the file...

5.4CVSS3.8AI score0.0061EPSS
Exploits1References14
CNNVD
CNNVD
added 2023/12/21 12:0 a.m.6 views

automad Cross-Site Request Forgery Vulnerability

automad is a flat file content management system and template engine. A cross-site request forgery vulnerability exists in automad 1.10.9 and earlier versions, which stems from a cross-site scripting XSS vulnerability in the User Creation Handler component...

6.5CVSS5.9AI score0.00392EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/12/21 12:0 a.m.5 views

automad Code Issues Vulnerabilities

automad is a flat file content management system and template engine. A code issue vulnerability exists in automad 1.10.9 and earlier versions, which stems from a file upload vulnerability in the function upload of the file FileCollectionController.php...

5.8CVSS7.1AI score0.00579EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/12/21 12:0 a.m.5 views

PT-2023-32844 · Automad · Automad

Name of the Vulnerable Software and Affected Versions: automad versions up to 1.10.9 Description: A vulnerability was found in the function upload of the file FileCollectionController.php of the component Content Type Handler. This leads to unrestricted upload. The attack may be launched remotely...

5.8CVSS6.7AI score0.00579EPSS
Exploits1References9
Veracode
Veracode
added 2023/02/09 8:53 a.m.17 views

Cross-site Scripting (XSS)

automad is vulnerable to Cross-Site ScriptingXSS. The vulnerability exist in accounts.php due to the lack of validation in the html elements when adding a user which allows an attacker to inject and execute malicious JavaScript...

5.4CVSS5.5AI score0.00519EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/03 6:30 p.m.18 views

Cross site scripting in automad/automad

Cross Site Scripting XSS vulnerability in automad 1.7.5 allows remote attackers to run arbitrary code via the user name field when adding a user...

5.4CVSS5.6AI score0.00519EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2023/02/03 6:30 p.m.15 views

GHSA-Q3C8-65Q7-9V78 Cross site scripting in automad/automad

Cross Site Scripting XSS vulnerability in automad 1.7.5 allows remote attackers to run arbitrary code via the user name field when adding a user...

4.8CVSS5.3AI score0.00519EPSS
Exploits1References2
Rows per page
Query Builder