CVE-2019-13493
In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript...
Cross site scripting
In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript...
CVE-2019-13493
Sitecore 9.0 rev 171002 is affected by a Persistent XSS in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript. This CVE (CVE-2019-13493) is documented across multiple sources (NVD/Red Hat/CVE listi...
CentOS Control Web Panel 0.9.8.836 - Privilege Escalation Vulnerability
Exploit for Linux platform in category web applications. CWP Control Web Panel 0.9.8.836 - 0.9.8.839: Root Privilege Escalation...
CentOS Control Web Panel 0.9.8.836 - Privilege Escalation
CentOS Control Web Panel 0.9.8.836 - Privilege Escalation. CWP Control Web Panel 0.9.8.836 - 0.9.8.839: Root Privilege Escalation...
CentOS Control Web Panel 0.9.8.836 Privilege Escalation
CWP Control Web Panel 0.9.8.836 - 0.9.8.839: Root Privilege Escalation...
WordPress File Manager plugin <= 4.8 - Multiple Vulnerabilities
Multiple vulnerabilities found by WebARX in WordPress File Manager plugin versions <= 4.8. Solution: Update the WordPress File Manager plugin to the latest available version (at least 4.9)...
File Manager < 5.2 - Multiple Vulnerabilities
Multiple vulnerabilities exist due to not checking the authentication of the user properly in the wpajax action calls. This results in SQL injection, backup download, backup deletion and backup restoration in the backup feature of the plugin. Authentication is required, but this can be of any use...
Cross-Site Scripting (XSS)
The mndpsingh287 file manager plugin is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the publicpath parameter in the wpfilemanagerroot page...
CVE-2019-10720
BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution via the theme cookie to the File Manager. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714...
Directory traversal
BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution via the theme cookie to the File Manager. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714...
CVE-2016-10759
The Xinha plugin in Precurio 2.1 allows Directory Traversal, with resultant arbitrary code execution, via ExtendedFileManager/Classes/ExtendedFileManager.php because ExtendedFileManager can be used to rename the .htaccess file that blocks .php uploads...
CVE-2019-12190
XSS was discovered in CentOS-WebPanel.com aka CWP CentOS Web Panel through 0.9.8.747 via the testacc/fileManager2.php fmcurrentdir or filename parameter...
Cross site scripting
XSS was discovered in CentOS-WebPanel.com aka CWP CentOS Web Panel through 0.9.8.747 via the testacc/fileManager2.php fmcurrentdir or filename parameter...
PT-2019-12689 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel versions through 0.9.8.747. Description: A cross-site scripting (XSS) issue was found in the CentOS Web Panel. The issue is related to the fm current dir or filename parameter in the testacc/fileManager2.php endpoint...
DoorGets Sensitive Information Disclosure Vulnerability (CNVD-2019-13790)
DoorGets is a free and open source content management system. A sensitive information disclosure vulnerability exists in /fileman/php/renamefile.php in doorGets 7.0. A remote, unauthenticated attacker can exploit this vulnerability to obtain sensitive information about the server or make the serv...
CMS Made Simple <= 2.2.12 Multiple Reflected XSS Vulnerabilities
CMS Made Simple is prone to multiple reflected cross-site scripting (XSS) vulnerabilities.
CVE-2018-18823
WolfCMS 0.8.3.1 allows XSS via an SVG file to /?/admin/plugin/filemanager/browse/...