Lucene search
K

324 matches found

OSV
OSV
added 2021/11/29 4:15 p.m.3 views

CVE-2021-43691

tripexpress v1.1 is affected by a path manipulation vulnerability in file system/helpers/dompdf/loadfont.php. The variable src is coming from $SERVER"argv" then there is a path manipulation vulnerability...

9.8CVSS5.7AI score0.01519EPSS
Exploits1References1
NVD
NVD
added 2021/11/29 4:15 p.m.12 views

CVE-2021-43691

tripexpress v1.1 is affected by a path manipulation vulnerability in file system/helpers/dompdf/loadfont.php. The variable src is coming from $SERVER"argv" then there is a path manipulation vulnerability...

9.8CVSS0.01519EPSS
Exploits1References1
Prion
Prion
added 2021/11/29 4:15 p.m.14 views

Path traversal

tripexpress v1.1 is affected by a path manipulation vulnerability in file system/helpers/dompdf/loadfont.php. The variable src is coming from $SERVER"argv" then there is a path manipulation vulnerability...

7.5CVSS9.3AI score0.01519EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/11/29 3:4 p.m.37 views

CVE-2021-43691

Tripexpress v1.1 is affected by a path traversal vulnerability in file system/helpers/dompdf/load_font.php. The issue arises because the variable src is assigned from $_SERVER["argv"] (src coming from argv) and is not properly validated, enabling path manipulation. No remediation or patch details...

9.8CVSS9.4AI score0.01519EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/11/29 3:4 p.m.19 views

CVE-2021-43691

tripexpress v1.1 is affected by a path manipulation vulnerability in file system/helpers/dompdf/loadfont.php. The variable src is coming from $SERVER"argv" then there is a path manipulation vulnerability...

9.6AI score0.01519EPSS
Exploits1References1
Huntr
Huntr
added 2021/10/12 8:55 a.m.67 views

in dompdf/dompdf

Description Improper restriction of external entities XXE in DomPDF's SVG parser allows it to perform an SSRF even if isRemoteEnabled set to false or even cause a deserialization attack in the SVG parser this time. Proof of Concept Payload 1 - SSRF only allowurlfopen required This embeds Google...

0.9AI score0.00924EPSS
Exploits1
Huntr
Huntr
added 2021/10/09 5:8 p.m.28 views

in bookstackapp/bookstack

Description The dompdf chroot option in Bookstack App is set to basepath, which is the Laravel root folder /var/www/bookstack. An attacker can hence load any image file in the Laravel folder /var/www/bookstack or its subdirectories via PDF exports. Proof of Concept 1: Place an image file in...

0.4AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2021/10/01 4:15 p.m.4 views

CVE-2021-40925

Cross-site scripting XSS vulnerability in dompdf/dompdf/www/demo.php infaveo-helpdesk v1.11.0 and below allow remote attackers to inject arbitrary web script or HTML via the $SERVER"PHPSELF" parameter...

6.1CVSS6.6AI score0.00818EPSS
Exploits1References3
Prion
Prion
added 2021/10/01 4:15 p.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in dompdf/dompdf/www/demo.php infaveo-helpdesk v1.11.0 and below allow remote attackers to inject arbitrary web script or HTML via the $SERVER"PHPSELF" parameter...

4.3CVSS6AI score0.00818EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/10/01 3:42 p.m.27 views

CVE-2021-40925

Cross-site scripting XSS vulnerability in dompdf/dompdf/www/demo.php infaveo-helpdesk v1.11.0 and below allow remote attackers to inject arbitrary web script or HTML via the $SERVER"PHPSELF" parameter...

6.2AI score0.00818EPSS
Exploits1References2
CVE
CVE
added 2021/10/01 3:42 p.m.46 views

CVE-2021-40925

CVE-2021-40925 is an XSS vulnerability in dompdf/dompdf/www/demo.php used by infaveo-helpdesk v1.11.0 and earlier. The issue arises from reflecting the $_SERVER["PHP_SELF"] parameter, enabling remote attackers to inject arbitrary script/HTML. Affected component: demo.php in the dompdf/dompdf pack...

6.1CVSS6AI score0.00818EPSS
Exploits1References2Affected Software1
Huntr
Huntr
added 2021/09/28 5:4 p.m.37 views

in dompdf/dompdf

Description The Scenario 3 you described in this report https://huntr.dev/bounties/0bdddc12-ff67-4815-ab9f-6011a974f48e/ actually opens up the ability to bypass chroot checks. Proof of Concept 1: Make sure you install Dompdf from GitHub https://github.com/dompdf/dompdf/ and include the following...

5CVSS5.4AI score0.00913EPSS
Exploits1
Huntr
Huntr
added 2021/09/20 4:8 p.m.21 views

in dompdf/dompdf

Description DomPDF is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the filegetcontents function. If an attacker can upload files of any type to the server he can pass in the phar:// protocol to unserialize the uploaded file and instantiate...

1AI score0.0143EPSS
Exploits1References1
Huntr
Huntr
added 2021/08/13 1:6 p.m.18 views

Server-Side Request Forgery (SSRF) in bookstackapp/bookstack

✍️ Description User with "Editor" rights can create a special book page containing tag with "src" property pointing to any external or internal resource. Exporting this page using default domPdf will result in firing request from server side. 🕵️‍♂️ Proof of Concept Updating page with malicious...

4CVSS0.1AI score0.008EPSS
Exploits1
NVD
NVD
added 2021/01/28 8:15 p.m.14 views

CVE-2020-36115

Stored Cross Site Scripting XSS vulnerability in EGavilan Media CRUD Operation with PHP, MySQL, Bootstrap, and Dompdf via First Name or Last Name parameter in the 'Add New Record Feature'...

5.4CVSS5.3AI score0.00595EPSS
Exploits1References1
Prion
Prion
added 2021/01/28 8:15 p.m.12 views

Cross site scripting

Stored Cross Site Scripting XSS vulnerability in EGavilan Media CRUD Operation with PHP, MySQL, Bootstrap, and Dompdf via First Name or Last Name parameter in the 'Add New Record Feature'...

3.5CVSS5.3AI score0.00595EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/01/28 8:15 p.m.2 views

CVE-2020-36115

Stored Cross Site Scripting XSS vulnerability in EGavilan Media CRUD Operation with PHP, MySQL, Bootstrap, and Dompdf via First Name or Last Name parameter in the 'Add New Record Feature'...

5.4CVSS5.1AI score0.00595EPSS
Exploits1References2
CVE
CVE
added 2021/01/28 7:15 p.m.36 views

CVE-2020-36115

CVE-2020-36115 affects the EGavilan Media CRUD Operation (PHP/MySQL/Bootstrap/Dompdf) where the First Name or Last Name field in the Add New Record feature allows Stored XSS. The vulnerability is described as a Stored Cross Site Scripting (XSS) via input fields, with no explicit exploit details o...

5.4CVSS5.3AI score0.00595EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/01/28 7:15 p.m.22 views

CVE-2020-36115

Stored Cross Site Scripting XSS vulnerability in EGavilan Media CRUD Operation with PHP, MySQL, Bootstrap, and Dompdf via First Name or Last Name parameter in the 'Add New Record Feature'...

5.3AI score0.00595EPSS
Exploits1References1
Exploit DB
Exploit DB
added 2021/01/28 12:0 a.m.245 views

EgavilanMedia PHPCRUD 1.0 - 'Full Name' Stored Cross Site Scripting

Exploit Title: EgavilanMedia PHPCRUD 1.0 - 'Full Name' Stored Cross Site Scripting Exploit Author: Mahendra Purbia Vendor Homepage: http://egavilanmedia.com Software Link: https://egavilanmedia.com/crud-operation-with-php-mysql-bootstrap-and-dompdf/ Version: 1.0 Tested on: Windows 10 Vulnerable...

7.4AI score
Exploits0
Rows per page
Query Builder