136 matches found
PT-2024-22015 · Friendica · Friendica
Name of the Vulnerable Software and Affected Versions: Friendica version 2023.12 Description: The issue allows a remote attacker to obtain sensitive information via the lack of file type filtering in the file attachment parameter. This is a Cross Site Scripting issue. Recommendations: For Friendi...
CVE-2024-38504
CVE-2024-38504 impacts JetBrains YouTrack prior to 2024.2.34646, where the Guest User Account could attach files to articles. The underlying issue is that guest access allowed file attachments to article content, enabling a potential information exposure via user-generated content. The vulnerabil...
RHEL 7 : mailman (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mailman: arbitrary content injection via the options login page CVE-2020-12108 - mailman: XSS via file...
CVE-2024-29179 phpMyFAQ Stored Cross-site Scripting at File Attachments
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks...
phpMyFAQ Stored Cross-site Scripting at File Attachments
Summary An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks. Details When attachments are uploaded without an extension, the application renders it as HTML by default. Therefore...
BIT-REDMINE-2022-44030
Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user...
CVE-2024-21651 XWiki Denial of Service attack through attachments
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user able to attach a file to a page can post a malformed TAR file by manipulating file modification times headers, which when parsed by Tika, could cause a denial of service issue via CPU...
New Campaign Targets Middle East Governments with IronWind Malware
Government entities in the Middle East are the target of new phishing campaigns that are designed to deliver a new initial access downloader dubbed IronWind. The activity, detected between July and October 2023, has been attributed by Proofpoint to a threat actor it tracks under the name TA402,...
phpMyFAQ 跨站脚本漏洞
phpMyFAQ is a multi-language, fully database-driven FAQ system. A cross-site scripting vulnerability exists in versions prior to phpMyFAQ 3.2.2, which stems from the lack of effective filtering and escaping of user-supplied data in the FileName parameter of the file attachment upload function, an...
Cross site scripting
A stored cross-site scripting Stored XSS vulnerability in file preview in WeKan before 6.75 allows remote authenticated users to inject arbitrary web script or HTML via names of file attachments. Any user can obtain the privilege to rename within their own board where they have BoardAdmin access,...
PT-2023-21754 · Wekan · Wekan
Name of the Vulnerable Software and Affected Versions: WeKan versions prior to 6.75 Description: A stored cross-site scripting Stored XSS issue in the file preview feature allows remote authenticated users to inject arbitrary web script or HTML via names of file attachments. Users with BoardAdmin...
CVE-2023-28485
A stored cross-site scripting Stored XSS vulnerability in file preview in WeKan before 6.75 allows remote authenticated users to inject arbitrary web script or HTML via names of file attachments. Any user can obtain the privilege to rename within their own board where they have BoardAdmin access,...
GHSA-36CM-H8GV-MG97 RosarioSIS Stores Sensitive Data in a Mechanism without Access Control
RosarioSIS prior to 11.0 allows anyone, regardless of authentication status, to download and view file attachments under the salaries module. In addition, the file names contain a date in a YYYY-MM-DD format and a random six-string digit, making enumerating file names with automated tools...
RosarioSIS Stores Sensitive Data in a Mechanism without Access Control
RosarioSIS prior to 11.0 allows anyone, regardless of authentication status, to download and view file attachments under the salaries module. In addition, the file names contain a date in a YYYY-MM-DD format and a random six-string digit, making enumerating file names with automated tools...
PT-2023-20766 · Unknown · Rosariosis
Name of the Vulnerable Software and Affected Versions: RosarioSIS versions prior to 11.0 Description: The issue allows unauthorized access to sensitive data due to a lack of access control in a mechanism. Specifically, it enables anyone to download and view file attachments under the salaries...
Information Disclosure
redmine is vulnerable to Information Disclosure. The library allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user...
SUSE CVE-2022-4055
When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attac...
CVE-2022-44030
Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user...
CVE-2022-44030
Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user...
CVE-2022-4055
When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attac...