Lucene search
+L

261 matches found

Cvelist
Cvelist
added 2025/01/21 5:2 p.m.50 views

CVE-2025-24018 YesWiki Vulnerable to Authenticated Stored XSS

YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for an authenticated user with rights to edit/create a page or comment to trigger a stored XSS which will be reflected on any page where the resource is loaded. The vulnerability makes use of the conten...

7.6CVSS0.00392EPSS
Exploits1References3
OSV
OSV
added 2025/01/21 5:2 p.m.20 views

CVE-2025-24018 YesWiki Vulnerable to Authenticated Stored XSS

YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for an authenticated user with rights to edit/create a page or comment to trigger a stored XSS which will be reflected on any page where the resource is loaded. The vulnerability makes use of the conten...

7.6CVSS6.7AI score0.00392EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/11/20 12:0 a.m.4 views

WordPress plugin ProfileGrid 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.1CVSS8.1AI score0.00464EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/08/15 12:0 a.m.10 views

CVE-2024-27731

Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the lack of file type filtering in the file attachment parameter...

6.1AI score0.00298EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/08/15 12:0 a.m.15 views

CVE-2024-27731

Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the lack of file type filtering in the file attachment parameter...

0.00298EPSS
Exploits1References2
CVE
CVE
added 2024/08/15 12:0 a.m.62 views

CVE-2024-27731

CVE-2024-27731 is a Cross Site Scripting vulnerability in Friendica v2023.12. The issue stems from the lack of file type filtering in the file attachment parameter, which could allow a remote attacker to obtain sensitive information. The available documents consistently describe the affected soft...

6.1CVSS6.2AI score0.00298EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/08/15 12:0 a.m.7 views

CVE-2024-27731

Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the lack of file type filtering in the file attachment parameter...

6.1CVSS6.3AI score0.00298EPSS
Exploits1References4
NVD
NVD
added 2024/07/16 5:15 p.m.31 views

CVE-2024-40626

Outline is an open source, collaborative document editor. A type confusion issue was found in ProseMirror’s rendering process that leads to a Stored Cross-Site Scripting XSS vulnerability in Outline. An authenticated user can create a document containing a malicious JavaScript payload. When other...

7.3CVSS0.00515EPSS
Exploits1References1
NVD
NVD
added 2024/06/18 11:15 a.m.19 views

CVE-2024-38504

In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to articles...

5.3CVSS0.00362EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/18 10:42 a.m.24 views

CVE-2024-38504

In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to articles...

4.3CVSS7.1AI score0.00362EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/05/20 12:0 a.m.4 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a pre-refresh issue when attaching to a file in direct write mode...

7.8CVSS6.4AI score0.00204EPSS
Exploits0References5
Veracode
Veracode
added 2024/03/28 5:48 a.m.17 views

Cross-site Scripting (XSS)

phpMyFAQ is vulnerable to Cross-site Scripting XSS. The vulnerability is due to the handling of file attachments. An attacker with admin privileges can upload an attachment containing JS code without an extension, and the application will render it as HTML, leading to the execution of arbitrary...

4.8CVSS6.7AI score0.00508EPSS
Exploits1References4Affected Software1
Debian CVE
Debian CVE
added 2024/03/09 12:50 a.m.16 views

CVE-2024-28184

WeasyPrint helps web developers to create PDF documents. Since version 61.0, there's a vulnerability which allows attaching content of arbitrary files and URLs to a generated PDF document, even if urlfetcher is configured to prevent access to files and URLs. This vulnerability has been patched in...

7.4CVSS7.4AI score0.00623EPSS
Exploits0
OSV
OSV
added 2024/03/06 11:2 a.m.19 views

BIT-PHPMAILER-2020-13625

PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message...

7.5CVSS7.4AI score0.0378EPSS
Exploits1References10
CNNVD
CNNVD
added 2024/01/29 12:0 a.m.5 views

OTRS Authorization Issues Vulnerability

OTRS is an application from OTRS Germany. A service management software. A security vulnerability exists in OTRS that stems from the fact that when adding an attachment to a work order comment, another user can add the attachment and impersonate the original user...

6.5CVSS6.7AI score0.00345EPSS
Exploits0References2
NVD
NVD
added 2024/01/09 12:15 a.m.26 views

CVE-2024-21651

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user able to attach a file to a page can post a malformed TAR file by manipulating file modification times headers, which when parsed by Tika, could cause a denial of service issue via CPU...

7.5CVSS7.4AI score0.00636EPSS
Exploits0References2
CNVD
CNVD
added 2023/11/02 12:0 a.m.84 views

phpMyFAQ FileName parameter cross-site scripting vulnerability

phpMyFAQ is a multi-language, fully database-driven FAQ system. A cross-site scripting vulnerability exists in versions prior to phpMyFAQ 3.2.2, which stems from the lack of effective filtering and escaping of user-supplied data in the FileName parameter of the file attachment upload function, an...

5.4CVSS6.2AI score0.00414EPSS
Exploits1References1
OSV
OSV
added 2023/10/25 5:59 p.m.33 views

CVE-2023-37913 org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 3.5-milestone-1 and prior to versions 14.10.8 and 15.3-rc-1, triggering the office converter with a specially crafted file name allows writing the attachment's content to a...

9.9CVSS8.4AI score0.01076EPSS
Exploits1References5
OSV
OSV
added 2023/10/09 10:40 a.m.14 views

CVE-2023-5331 File Information Leak via IDOR in file_id in Draft Posts

Mattermost fails to properly check the creator of an attached file when adding the file to a draft post, potentially exposing unauthorized file information...

4.3CVSS6.1AI score0.00319EPSS
Exploits0References3
Huntr
Huntr
added 2023/10/02 7:37 p.m.33 views

Stored XSS in Attachment File Name

Description A stored cross-site scripting vulnerability exists within the file attachment upload functionality. Replication Steps 0x01. As a user with only the "Edit Record" and "Add Attachments" permissions, the user proceeded to edit a FAQ record and clicked "Add new attachment", as seen in the...

5.5AI score0.00414EPSS
Exploits1
Rows per page
Query Builder