155 matches found
CVE-2020-13443
ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A user with low privileges member is able to upload this. It is possible to bypass the MIME type check and file-extension check...
CVE-2017-1000160
EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection...
CVE-2024-38454
ExpressionEngine before 7.4.11 allows XSS...
CVE-2024-38454
ExpressionEngine before 7.4.11 allows XSS...
Packet Tide ExpressionEngine Cross-Site Scripting Vulnerability
Packet Tide ExpressionEngine is an open source content management system CMS from Packet Tide, Inc. A cross-site scripting vulnerability exists in Packet Tide ExpressionEngine versions prior to 7.4.11, which stems from a cross-site scripting vulnerability contained in files such as Channels.php,...
CVE-2024-38454
ExpressionEngine CVE-2024-38454 affects ExpressionEngine prior to version 7.4.11, with a cross-site scripting (XSS) vulnerability in the web application. The issue arises in core functionality that processes user input and can be triggered by a user interaction. Public references in NVD and relat...
CVE-2024-38454
ExpressionEngine before 7.4.11 allows XSS...
CVE-2024-38454
ExpressionEngine before 7.4.11 allows XSS...
PT-2024-11050 · Expressionengine +7 · Expressionengine +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: Insufficient user input filtering leads to arbitrary file read by non-authenticated attackers, resulting in sensitive information disclosure. There is n...
ExpressionEngine Security Vulnerability
Packet Tide ExpressionEngine is an open source content management system CMS from Packet Tide, Inc. in the United States. A security vulnerability exists in ExpressionEngine that stems from insufficient user input filtering, which allows an unauthenticated attacker to read arbitrary files and cau...
ExpressionEngine: Multiple XSS and open HTTP redirection
The ExpressionEngine platform was affected by multiple cross-site scripting vulnerabilities that could have allowed attackers to execute JavaScript in the browsers of targeted users. An open HTTP redirection issue was also discovered...
CVE-2024-0738
A vulnerability, which was classified as critical, has been found in 个人开源 mldong 1.0. This issue affects the function ExpressionEngine of the file com/mldong/modules/wf/engine/model/DecisionModel.java. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has...
CVE-2024-0738 个人开源 mldong DecisionModel.java ExpressionEngine code injection
A vulnerability, which was classified as critical, has been found in 个人开源 mldong 1.0. This issue affects the function ExpressionEngine of the file com/mldong/modules/wf/engine/model/DecisionModel.java. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has...
mldong Code Injection Vulnerability
mldong is mldong individual developer based on SpringBoot + Vue3 rapid development platform , self-research workflow engine . mldong 1.0 version of the code injection vulnerability , the vulnerability stems from the file com/mldong/modules/wf/engine/model/DecisionModel.java ExpressionEngine...
PT-2024-15795 · Mldong · Mldong
Name of the Vulnerable Software and Affected Versions: mldong version 1.0 Description: A critical issue has been found in mldong, affecting the ExpressionEngine function of the file com/mldong/modules/wf/engine/model/DecisionModel.java. This issue leads to code injection and can be initiated...
CVE-2023-22953
In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user...
CVE-2023-22953
In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user...
CVE-2023-22953
In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user...
Remote code execution
In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user...
PT-2023-18795 · Ellislab · Expressionengine
Name of the Vulnerable Software and Affected Versions: ExpressionEngine versions prior to 7.2.6 Description: The issue allows remote code execution by an authenticated Control Panel user. Recommendations: For versions prior to 7.2.6, update to version 7.2.6 or later to resolve the issue...