
10 matches found

NVD
added 2026/03/16 2:17 p.m. · 0 views

CVE-2015-20116

Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize CSV file uploads, allowing attackers to inject malicious scripts through filename parameters in multipart form data. Attackers can upload files with XSS payloads in the filename field to execute arbitrary JavaScript in users'...

6.1 CVSS · 0.00051 EPSS
Exploits: 1 · References: 3
Positive Technologies
added 2026/03/16 12:0 a.m. · 3 views

PT-2026-25719

Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize CSV file uploads, allowing attackers to inject malicious scripts through filename parameters in multipart form data. Attackers can upload files with XSS payloads in the filename field to execute arbitrary JavaScript in users'...

6.1 CVSS · 6 AI score · 0.00051 EPSS
Exploits: 1 · References: 4
ATTACKERKB
added 2026/03/15 6:34 p.m. · 2 views

CVE-2015-20116

Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize CSV file uploads, allowing attackers to inject malicious scripts through filename parameters in multipart form data. Attackers can upload files with XSS payloads in the filename field to execute arbitrary JavaScript in users'...

6 AI score · 0.00051 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
CNNVD
added 2026/03/07 12:0 a.m. · 3 views

WordPress plugin Community Events SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

4.9 CVSS · 6 AI score · 0.00035 EPSS
Exploits: 0 · References: 5
RedhatCVE
added 2026/01/09 10:11 a.m. · 7 views

CVE-2019-11537

In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/users.php?do=import-users, and /upload/scp/ajax.php/users/import if an agent manager user uploads a crafted .csv file to the User Importer, because file contents can appear in an error message. The XSS can lead to local file...

6.1 CVSS · 5.8 AI score · 0.04034 EPSS
Exploits: 1 · References: 1
Positive Technologies
added 2024/11/01 12:0 a.m. · 2 views

PT-2024-38338 · WordPress · Mpg Plugin

Name of the Vulnerable Software and Affected Versions: The Multiple Page Generator Plugin – MPG plugin for WordPress versions up to, and including, 4.0.1 Description: The issue allows authenticated attackers with Subscriber-level access and above to invoke functions intended for admin use,...

5.4 CVSS · 6.9 AI score · 0.00275 EPSS
Exploits: 0 · References: 10
Positive Technologies
added 2024/03/05 12:0 a.m. · 2 views

PT-2024-12521 · Ibm · Ibm Cloud Pak For Automation

Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak for Automation versions 18.0.0 through 22.0.2 Description: The issue is caused by improper validation of csv file contents, allowing a remote attacker to execute arbitrary commands on the system. This can lead to unauthorized...

9.8 CVSS · 6.8 AI score · 0.00089 EPSS
Exploits: 0 · References: 5
CNNVD
added 2022/07/25 12:0 a.m. · 1 views

WordPress plugin Request a Quote cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

8.8 CVSS · 7.6 AI score · 0.03352 EPSS
Exploits: 2 · References: 2
CNNVD
added 2021/05/06 12:0 a.m. · 3 views

WordPress plugin College publisher Import code issue vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. College publisher Import is a plugin for WordPress. A file upload vulnerability exists in WordPress College publisher...

7.2 CVSS · 6.5 AI score · 0.00907 EPSS
Exploits: 2 · References: 2
OSV
added 2019/08/21 7:15 p.m. · 0 views

CVE-2019-15127

REDCap before 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file...

5.4 CVSS · 6.1 AI score
Exploits: 0 · References: 1