CVE-2026-7314 eiceblue spire-doc-mcp-server base.py get_doc_path path traversal

A vulnerability was detected in eiceblue spire-doc-mcp-server 1.0.0. This affects the function getdocpath of the file src/spiredocmcp/api/base.py. Performing a manipulation of the argument documentname results in path traversal. The attack can be initiated remotely. The exploit is now public and...

EUVD-2026-26151

A vulnerability was detected in eiceblue spire-doc-mcp-server 1.0.0. This affects the function getdocpath of the file src/spiredocmcp/api/base.py. Performing a manipulation of the argument documentname results in path traversal. The attack can be initiated remotely. The exploit is now public and...

Spire.Doc MCP Server 路径遍历漏洞

Spire.Doc MCP Server is a tool provided by E-iceblue Product Family for individual developers, allowing them to work with Word documents without using Microsoft Word. Version 1.0.0 of Spire.Doc MCP Server contains a path traversal vulnerability. This vulnerability arises from the operation of the...

Cross-site Scripting (XSS)

Overview taguette is a Free and open source qualitative research tool Affected versions of this package are vulnerable to Cross-site Scripting XSS via the tag name, tag description, document name and document description. An attacker can execute arbitrary JavaScript code in the context of another...

CVE-2025-62528 Taguette cross-site scripting vulnerability via tag name, tag description, document name and document description

Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0...

CVE-2025-62528 Taguette cross-site scripting vulnerability via tag name, tag description, document name and document description

Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0...

CVE-2025-62528 Taguette cross-site scripting vulnerability via tag name, tag description, document name and document description

Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0...

EUVD-2021-24154

Malware in sbrugna...

CVE-2021-35343

Cross-Site Request Forgery CSRF vulnerability in the /op/op.Ajax.php in SeedDMS v5.1.x5.1.23 and v6.0.x6.0.16 allows a remote attacker to edit document name without victim's knowledge, by enticing an authenticated user to visit an attacker's web page...

CVE-2025-45754

A stored cross-site scripting XSS vulnerability exists in SeedDMS 6.0.32. This vulnerability allows an attacker to inject malicious JavaScript payloads by creating a document with an XSS payload as the document name...

CVE-2025-45754

A stored cross-site scripting XSS vulnerability exists in SeedDMS 6.0.32. This vulnerability allows an attacker to inject malicious JavaScript payloads by creating a document with an XSS payload as the document name...

PT-2025-22403

Name of the Vulnerable Software and Affected Versions SeedDMS version 6.0.32 Description A stored cross-site scripting XSS issue exists, allowing an attacker to inject malicious JavaScript payloads by creating a document with an XSS payload as the document name. Recommendations For SeedDMS versio...

CVE-2025-45754

A stored cross-site scripting XSS vulnerability exists in SeedDMS 6.0.32. This vulnerability allows an attacker to inject malicious JavaScript payloads by creating a document with an XSS payload as the document name...

CVE-2025-45754

A stored cross-site scripting XSS vulnerability exists in SeedDMS 6.0.32. This vulnerability allows an attacker to inject malicious JavaScript payloads by creating a document with an XSS payload as the document name...

XWiki Platform Cross-Site Scripting Vulnerability

XWiki Platform is a suite of Wiki platforms for creating collaborative Web applications from the XWiki Foundation in France. A security vulnerability exists in XWiki Platform that stems from the fact that XWiki is susceptible to a reflective cross-site scripting attack when validating the name of...

CVE-2023-34088

Collabora Online is a collaborative online office suite. A stored cross-site scripting XSS vulnerability was found in Collabora Online prior to versions 22.05.13, 21.11.9.1, and 6.4.27. An attacker could create a document with an XSS payload as a document name. Later, if an administrator opened t...

Cross site scripting

Collabora Online is a collaborative online office suite. A stored cross-site scripting XSS vulnerability was found in Collabora Online prior to versions 22.05.13, 21.11.9.1, and 6.4.27. An attacker could create a document with an XSS payload as a document name. Later, if an administrator opened t...

SUSE CVE-2006-2193

Buffer overflow in the t2pwritepdfstring function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service crash and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character i...

CVE-2022-47417

LogicalDOC Enterprise and Community Edition CE are vulnerable to a stored persistent, or "Type II" cross-site scripting XSS condition in the document file name...

Improper Name Validation in Upload Document Form

Description The name of any uploaded document can be manipulated using the destination parameter, to include new line characters in its name, breaking the execution of JS code in "New Documents" section from "Miscellaneous" menu, that will be blank until the document is removed from DB. Proof of...