3141 matches found
Webmin Cross-Site Scripting Vulnerability
Webmin is the Webmin community's set of Web-based system administration tools for Unix-like operating systems. A cross-site scripting vulnerability exists in Webmin. The vulnerability is due to a file manager function that incorrectly validates user-supplied input. An attacker could use this...
PT-2023-27730 · Webmin · Webmin
Name of the Vulnerable Software and Affected Versions: Webmin version 2.100. Description: A reflected cross-site scripting (XSS) issue in the File Manager function allows attackers to execute malicious scripts by injecting a crafted payload into the Find in Results file. This enables the execution o...
CVE-2023-41162
A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the file mask field while searching under the tools drop down...
CVE-2023-41162
A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the file mask field while searching under the tools drop down...
CVE-2023-41162
A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the file mask field while searching under the tools drop down...
Cross site scripting
A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the file mask field while searching under the tools drop down...
CVE-2023-41162
CVE-2023-41162 refers to a reflected XSS in Webmin/Usermin 2.000, specifically in the File Manager tab where an attacker can inject arbitrary script/HTML via the file mask field during a search under the Tools drop-down. The vulnerability affects the file manager component and is categorized with...
PT-2023-27838 · Usermin · Usermin
Name of the Vulnerable Software and Affected Versions: Usermin version 2.000. Description: A Reflected Cross-site scripting (XSS) issue exists in the file manager tab, allowing remote attackers to inject arbitrary web script or HTML via the file mask field while searching under the tools drop down...
WordPress File Manager Pro Plugin < 1.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software: File Manager Pro; Type: Plugin; Vulnerable versions: < 1.8; Fixed in: 1.8; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-4827; Patch priority: Low; CVSS severity: Low 8.8; PSID: f857273165df; Credits: Dmitrii Ignatyev; Required...
Webmin Usermin Cross-Site Scripting Vulnerability
Webmin Usermin is a web-based interface from Webmin Inc. It is used for webmail, password change, mail filters, fetchmail, and more. A cross-site scripting vulnerability exists in Webmin Usermin version 2.000, which stems from a reflected cross-site scripting (XSS) vulnerability in the File Manager...
CVE-2023-41162
A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the file mask field while searching under the tools drop down...
CVE-2023-41162
A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the file mask field while searching under the tools drop down...
File Manager Pro < 1.8 - Remote Code Execution via CSRF
Description: The plugin does not properly check the CSRF nonce in the fsconnector AJAX action. This allows attackers to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading a web shell. PoC: As a Super Admin, run the following...
The vulnerability of the Fusion File Manager component in the PHP-Fusion CMS system allows a hacker to gain access to read and modify files.
The vulnerability in the Fusion File Manager component of the PHP-Fusion CMS stems from improper limitation of a path name to a restricted directory. Exploiting this vulnerability allows a malicious actor to gain access to and modify files through a specially created HTTP request...
KodExplorer cross-site scripting vulnerability (CNVD-2023-72248)
KodExplorer is a web file manager. A cross-site scripting vulnerability exists in KodExplorer version 4.45. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data in /index.php, which can be exploited by an attacker to execute arbitrary web script or HTML ...
The vulnerability of the FileManager::detectLanguageFromTextBegining() function in the Notepad++ text editor allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the FileManager::detectLanguageFromTextBegining function in the Notepad++ text editor is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
KodExplorer Cross-Site Scripting Vulnerability
KodExplorer is a web file manager. A cross-site scripting vulnerability exists in KodExplorer version 4.45. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data in /index.php, which can be exploited by an attacker to execute arbitrary web script or HTML ...
CVE-2023-4480
Due to an out-of-date dependency in the “Fusion File Manager” component accessible through the admin panel, an attacker can send a crafted request that allows them to read the contents of files on the system accessible within the privileges of the running process. Additionally, they may write fil...
CVE-2023-4480
Due to an out-of-date dependency in the “Fusion File Manager” component accessible through the admin panel, an attacker can send a crafted request that allows them to read the contents of files on the system accessible within the privileges of the running process. Additionally, they may write fil...
Design/Logic Flaw
Due to an out-of-date dependency in the “Fusion File Manager” component accessible through the admin panel, an attacker can send a crafted request that allows them to read the contents of files on the system accessible within the privileges of the running process. Additionally, they may write fil...