236 matches found
CVE-2020-13660
CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name...
CVE-2020-13660
CVE-2020-13660 concerns CMS Made Simple up to version 2.2.14, where an XSS vulnerability exists in the File Picker profile name. The connected sources consistently describe a cross-site scripting issue stemming from insufficient input validation and handling in the web application, enabling crafted p...
Sandbox Protection Bypass
Firefox is vulnerable to sandbox protection bypass attacks. A remote user can escape the sandbox and read files on the target system via the file picker, allowing unauthorized actions to be performed...
CMS Made Simple <= 2.2.12 Multiple Reflected XSS Vulnerabilities
CMS Made Simple is prone to multiple reflected cross-site scripting (XSS) vulnerabilities...
CVE-2019-9057
An issue was discovered in CMS Made Simple 2.2.8. In the module FilePicker, it is possible to reach an unserialize call with an untrusted parameter, and achieve authenticated object injection...
CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2019-08458)
CMS Made Simple (CMSMS) is an open source content management system (CMS) from the CMSMS team. The system supports a role-based rights management system, a wizard-based installation and update mechanism, an intelligent caching mechanism and so on. A cross-site scripting vulnerability exists in CMSMS versi...
CVE-2019-10017
CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an "Add a new Profile" action to the File Picker...
Design/Logic Flaw
CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an "Add a new Profile" action to the File Picker...
CVE-2018-6095
Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a crafted HTML page...
UBUNTU-CVE-2018-6095
Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a crafted HTML page...
CVE-2018-6095
The CVE-2018-6095 entry relates to Google Chrome’s Blink component. It describes an issue where the file picker could be dismissed inappropriately on keyboard events, allowing a remote attacker to read local files via a crafted HTML page. Affected product: Google Chrome/Blink (before version 66.0...
CVE-2018-6095
Removed by vendor...
Windows Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Windows fails a check, allowing a sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system. This vulnerability by itself does not allow arbitrary code...
Tor: Potential IP revealing using UNC Path in Windows File Picker
Vulnerability description not provided...
CVE-2017-5454
A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird 52.1,...