197 matches found
Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS versions 5.0.1 and 5.1.0, which stems from a stack overflow risk when parsing vector images, and can be...
Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS versions 5.0.1 and 5.1.0, which stems from a stack overflow risk when parsing vector images, and can be...
Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS versions 5.0.1 and 5.1.0, which stems from a stack overflow risk when parsing vector images, and can be...
PT-2025-28109 · Huawei · Harmonyos
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: There is a risk of stack overflow when vector images are parsed during file preview. The impact of successful exploitation of this issue may affect the file preview function. Recommendations...
PT-2025-28104 · Huawei +1 · Harmonyos
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue is related to a risk of stack overflow when vector images are parsed during file preview. Successful exploitation of this vulnerability may affect the file preview function...
PT-2025-28105 · Huawei +1 · Harmonyos
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue is related to a risk of stack overflow when vector images are parsed during file preview. Successful exploitation of this vulnerability may affect the file preview function...
PT-2025-28108 · Huawei +1 · Harmonyos
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A stack overflow risk exists when vector images are parsed during file preview. Successful exploitation of this issue may affect the file preview function. Recommendations: At the moment,...
PT-2025-28106 · Huawei +1 · Harmonyos
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: There is a risk of stack overflow when vector images are parsed during file preview. The impact of successful exploitation of this issue may affect the file preview function. Recommendations...
PT-2025-28107 · Huawei +1 · Harmonyos
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: There is a risk of stack overflow when vector images are parsed during file preview. The impact of successful exploitation of this issue may affect the file preview function. Recommendations...
PT-2025-28099 · Huawei +1 · Harmonyos
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A stack overflow risk exists when vector images are parsed during file preview. Successful exploitation of this issue may affect the file preview function. Recommendations: At the moment,...
CVE-2025-7066 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Jirafeau
Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME type of a file and allowing only browser preview for MIME types beginning with image except for...
CVE-2025-50183
OpenList Frontend is a UI component for OpenList. Prior to version 4.0.0-rc.4, a vulnerability exists in the file preview/browsing feature of the application, where files with a .py extension that contain JavaScript code wrapped in...
CVE-2025-50183
OpenList Frontend is a UI component for OpenList. Prior to version 4.0.0-rc.4, a vulnerability exists in the file preview/browsing feature of the application, where files with a .py extension that contain JavaScript code wrapped in tags may be interpreted and executed as HTML in certain modes. Th...
CVE-2025-50183 OpenList (frontend) allows XSS Attacks in the built-in Markdown Viewer
OpenList Frontend is a UI component for OpenList. Prior to version 4.0.0-rc.4, a vulnerability exists in the file preview/browsing feature of the application, where files with a .py extension that contain JavaScript code wrapped in tags may be interpreted and executed as HTML in certain modes. Th...
CVE-2025-50183 OpenList (frontend) allows XSS Attacks in the built-in Markdown Viewer
OpenList Frontend is a UI component for OpenList. Prior to version 4.0.0-rc.4, a vulnerability exists in the file preview/browsing feature of the application, where files with a .py extension that contain JavaScript code wrapped in tags may be interpreted and executed as HTML in certain modes. Th...
OpenList Frontend 跨站脚本漏洞
OpenList Frontend is an OpenList Team open source application that protects open source projects from trust-based attacks. A cross-site scripting vulnerability exists in OpenList Frontend versions prior to 4.0.0-rc.4, which stems from a .py file in the file preview feature that may be interpreted...
GHSA-2HW3-H8QX-HQQP OpenList (frontend) allows XSS Attacks in the built-in Markdown Viewer
XSS via .py file containing script tag interpreted as HTML Summary A vulnerability exists in the file preview/browsing feature of the application, where files with a .py extension that contain JavaScript code wrapped in tags may be interpreted and executed as HTML in certain modes. This leads to ...
OpenList (frontend) allows XSS Attacks in the built-in Markdown Viewer
XSS via .py file containing script tag interpreted as HTML Summary A vulnerability exists in the file preview/browsing feature of the application, where files with a .py extension that contain JavaScript code wrapped in tags may be interpreted and executed as HTML in certain modes. This leads to ...
CVE-2024-43412
Xibo is an open source digital signage platform with a web content management system CMS. Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute arbitrary JavaScript via the file preview function. Users can upload HTML/CSS/JS files into the Xib...
CVE-2024-48927
Umbraco, a free and open source .NET content management system, has a remote code execution issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. There is a potential risk of code execution for Backoffice users when they “preview” SVG files in full...