96 matches found
Design/Logic Flaw
A vulnerability was found in automad up to 1.10.9. It has been classified as problematic. This affects the function upload of the file FileCollectionController.php of the component Content Type Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely...
CVE-2023-7036 automad Content Type FileCollectionController.php upload unrestricted upload
A vulnerability was found in automad up to 1.10.9. It has been classified as problematic. This affects the function upload of the file FileCollectionController.php of the component Content Type Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely...
CVE-2023-7036
The CVE-2023-7036 entry concerns automad (up to version 1.10.9). The vulnerability resides in the upload function of FileCollectionController.php within the Content Type Handler, enabling unrestricted file uploads. Qualifiers indicate remote initiation and publicly disclosed exploit details. The ...
Withdrawn Advisory: Stored Cross-site scripting affecting automad/automad
Withdrawn Advisory This advisory has been withdrawn because only the main admin with the highest level of privilege can provide input, and there are no users other than the admin from whom data could be stolen. This link is maintained to preserve external references. Original Description automad ...
GHSA-7J9H-CH38-474R Withdrawn Advisory: Stored Cross-site scripting affecting automad/automad
Withdrawn Advisory This advisory has been withdrawn because only the main admin with the highest level of privilege can provide input, and there are no users other than the admin from whom data could be stolen. This link is maintained to preserve external references. Original Description automad ...
CVE-2023-7035
A vulnerability was found in automad up to 1.10.9 and classified as problematic. Affected by this issue is some unknown functionality of the file packages\standard\templates\post.php of the component Setting Handler. The manipulation of the argument sitename leads to cross site scripting. The...
CVE-2023-7035
A vulnerability was found in automad up to 1.10.9 and classified as problematic. Affected by this issue is some unknown functionality of the file packages\standard\templates\post.php of the component Setting Handler. The manipulation of the argument sitename leads to cross site scripting. The...
Cross site scripting
A vulnerability was found in automad up to 1.10.9 and classified as problematic. Affected by this issue is some unknown functionality of the file packages\standard\templates\post.php of the component Setting Handler. The manipulation of the argument sitename leads to cross site scripting. The...
CVE-2023-7035 automad Setting post.php cross site scripting
A vulnerability was found in automad up to 1.10.9 and classified as problematic. Affected by this issue is some unknown functionality of the file packages\standard\templates\post.php of the component Setting Handler. The manipulation of the argument sitename leads to cross site scripting. The...
CVE-2023-7035
Automad (versions up to 1.10.9) is affected by a cross-site scripting flaw in the Setting Handler, specifically in the sitename argument processed by the post.php endpoint under packages/standard/templates/post.php. The issue is triggered by unsanitized input and may be exploitable remotely; mult...
PT-2023-32846 · Automad · Automad
Name of the Vulnerable Software and Affected Versions: automad versions up to 1.10.9 Description: A vulnerability was found in the User Creation Handler component, affecting the processing of the file "/dashboard?controller=UserCollection::createUser". This issue leads to cross-site request...
Automad Code Injection Vulnerability
Automad is a flat file content management system and template engine by Marc Anton Dahmen, an individual developer. A code injection vulnerability exists in Automad 1.10.9 and earlier versions, which stems from a stored cross-site scripting XSS vulnerability in the parameter sitename of the file...
automad Code Issues Vulnerabilities
automad is a flat file content management system and template engine. A code issue vulnerability exists in automad 1.10.9 and earlier versions, which stems from a Server Request Forgery SSRF vulnerability in the function import in the file FileController.php...
PT-2023-32843 · Automad · Automad
Name of the Vulnerable Software and Affected Versions: automad versions up to 1.10.9 Description: A vulnerability was found in automad, allowing for cross-site scripting due to the manipulation of the sitename argument. This issue affects some unknown functionality of the file...
automad Cross-Site Request Forgery Vulnerability
automad is a flat file content management system and template engine. A cross-site request forgery vulnerability exists in automad 1.10.9 and earlier versions, which stems from a cross-site scripting XSS vulnerability in the User Creation Handler component...
automad Code Issues Vulnerabilities
automad is a flat file content management system and template engine. A code issue vulnerability exists in automad 1.10.9 and earlier versions, which stems from a file upload vulnerability in the function upload of the file FileCollectionController.php...
PT-2023-32844 · Automad · Automad
Name of the Vulnerable Software and Affected Versions: automad versions up to 1.10.9 Description: A vulnerability was found in the function upload of the file FileCollectionController.php of the component Content Type Handler. This leads to unrestricted upload. The attack may be launched remotely...
Cross-site Scripting (XSS)
automad is vulnerable to Cross-Site ScriptingXSS. The vulnerability exist in accounts.php due to the lack of validation in the html elements when adding a user which allows an attacker to inject and execute malicious JavaScript...
Cross site scripting in automad/automad
Cross Site Scripting XSS vulnerability in automad 1.7.5 allows remote attackers to run arbitrary code via the user name field when adding a user...
GHSA-Q3C8-65Q7-9V78 Cross site scripting in automad/automad
Cross Site Scripting XSS vulnerability in automad 1.7.5 allows remote attackers to run arbitrary code via the user name field when adding a user...