230 matches found
EUVD-2024-40043
Malicious code in bioql PyPI...
EUVD-2024-42406
Malicious code in bioql PyPI...
EUVD-2023-53754
Malicious code in bioql PyPI...
Fiora chat user avatar is vulnerable to XSS via SVG files
Cross Site Scripting XSS vulnerability in Fiora chat application 1.0.0 allows arbitrary JavaScript execution when malicious SVG files are rendered by other users...
CVE-2025-56515
File upload vulnerability in Fiora chat application 1.0.0 through user avatar upload functionality. The application fails to validate SVG file content, allowing malicious SVG files with embedded foreignObject elements containing iframe tags and JavaScript event handlers onmouseover to be uploaded...
CVE-2025-48007
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:BlueSpiceAvatars allows Cross-Site Scripting XSS. This issue affects BlueSpice: from 5 through 5.1.1...
CVE-2025-48007
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:BlueSpiceAvatars allows Cross-Site Scripting XSS. This issue affects BlueSpice: from 5 through 5.1.1...
CVE-2025-48007
CVE-2025-48007 affects Hallo Welt! GmbH BlueSpice (Extension:BlueSpiceAvatars) with versions 5 through 5.1.1. The issue is an improper encoding or escaping of output that enables Cross-Site Scripting (XSS). The connected sources consistently describe the vulnerability as an XSS in BlueSpice 5–5.1...
CVE-2025-48007 Potential XSS in Extension:BlueSpiceAvatars
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:BlueSpiceAvatars allows Cross-Site Scripting XSS. This issue affects BlueSpice: from 5 through 5.1.1...
PT-2025-38533
Name of the Vulnerable Software and Affected Versions BlueSpice versions 5 through 5.1.1 Description An improper encoding or escaping of output issue exists in Hallo Welt! GmbH BlueSpice Extension:BlueSpiceAvatars that allows for Cross-Site Scripting XSS. Recommendations Update BlueSpice to a...
SUSE CVE-2025-56761
Memos 0.22 is vulnerable to Stored Cross site scripting XSS vulnerabilities by the upload attachment and user avatar features. Memos does not verify the content type of the uploaded data and serve it back as is. An authenticated attacker can use this to elevate their privileges when the stored XS...
Memos Vulnerable to Stored Cross-Site Scripting
Memos 0.22 is vulnerable to Stored Cross site scripting XSS vulnerabilities by the upload attachment and user avatar features. Memos does not verify the content type of the uploaded data and serve it back as is. An authenticated attacker can use this to elevate their privileges when the stored XS...
CVE-2025-56761
Memos 0.22 is vulnerable to Stored Cross site scripting XSS vulnerabilities by the upload attachment and user avatar features. Memos does not verify the content type of the uploaded data and serve it back as is. An authenticated attacker can use this to elevate their privileges when the stored XS...
Memos 安全漏洞
Memos is a Memos open source open source hosted meme center with knowledge management and social features. A security vulnerability exists in Memos version 0.22, which stems from the Upload Attachment and User Avatar features being vulnerable to a stored cross-site scripting attack that could...
PT-2025-35797
Name of the Vulnerable Software and Affected Versions Memos version 0.22 Description Memos version 0.22 is susceptible to Stored Cross-Site Scripting XSS through the upload attachment and user avatar features. The software does not validate the content type of uploaded data before serving it,...
Unspecified Vulnerability in WordPress Simple Local Avatars plugin
WordPress Simple Local Avatars plugin is a WordPress plugin mainly used to allow users to upload and manage local avatars, replacing the default Gravatar service. A security vulnerability exists in the WordPress Simple Local Avatars plugin, which stems from a lack of capability checking, and can ...
Malicious code in n1-avatars (npm)
The package n1-avatars was found to contain malicious code...
MAL-2025-27042 Malicious code in n1-avatars (npm)
The package n1-avatars was found to contain malicious code...
CVE-2025-8482
The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of data in version 2.8.4. This is due to a missing capability check on the migratefromwpuseravatar function. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
CVE-2025-8482
The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of data in version 2.8.4. This is due to a missing capability check on the migratefromwpuseravatar function. This makes it possible for authenticated attackers, with subscriber-level access and above, to...