3575 matches found
GHSA-9FCC-7G44-MXRJ Cross-site Scripting in ShowDoc
ShowDoc prior to 2.10.4 is vulnerable to stored cross-site scripting via uploaded files in .xsd, .asa, and .aspx formats...
showdoc .shtml file upload vulnerability
showdoc is an open source tool for IT teams to share documents online. showdoc versions prior to v2.10.4 are vulnerable to file uploads, which stem from the lack of effective detection of .shtml file extensions in the application's file upload feature. An attacker could use this vulnerability to...
Vulnerabilities fixed in Mattermost Server
Two vulnerabilities have been fixed in Mattermost Server. An unauthenticated malicious person can exploit the vulnerabilities to cause a denial-of-service. To do so, a malicious file needs to be uploaded or a malicious POST request needs to be sent to the server. For the latter, no...
showdoc cross-site scripting vulnerability
showdoc is an open source tool for IT teams to share documents online. showdoc versions prior to v2.10.4 are vulnerable to file uploads, which stem from the lack of effective detection of .md file extensions in the application's file upload feature. An attacker could use this vulnerability to...
showdoc code issue vulnerability
showdoc is a great open source tool for IT teams to share documents online. A code issue vulnerability exists in showdoc before 2.10.4, which stems from unrestricted file uploads...
showdoc cross-site scripting vulnerability
showdoc is a great open source tool for IT teams to share documents online. A security vulnerability exists in showdoc before 2.10.4, which stems from unrestricted file uploads...
Microweber cross-site scripting vulnerability
Microweber is a drag-and-drop online store management system from the Microweber community in the United States. The system includes modules for adding products, images, etc. A file upload vulnerability exists in versions of Microweber prior to 1.2.12, which stems from a lack of validation of...
CVE-2022-24652
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution in /admin/upload/upload...
CVE-2022-24651
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload...
Privilege escalation
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload...
Privilege escalation
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution in /admin/upload/upload...
CVE-2022-24652
CVE-2022-24652 affects SentCMS 4.0.x. The vulnerability stems from a lack of validation of uploaded files in the unauthorized file upload interface at /admin/upload/upload, enabling remote attackers to upload arbitrary files and achieve PHP code execution. The NVD reports a high-severity impact (...
CVE-2022-24651
CVE-2022-24651 affects SentCMS 4.0.x. The vulnerability allows remote attackers to upload arbitrary files via an unauthorized upload interface at /user/upload/upload, enabling PHP code execution. Multiple sources corroborate that the issue stems from lack of validation of uploaded files. No patch...
Ninja Forms File Uploads Extension < 3.3.13 - Unauthenticated Stored Cross-Site Scripting
The plugin is vulnerable to stored cross-site scripting due to missing sanitization of the files filename parameter found in the /includes/ajax/controllers/uploads.php file which can be used by unauthenticated attackers to add malicious web scripts to vulnerable WordPress sites...
Ninja Forms File Uploads Extension < 3.3.1 - Unauthenticated Arbitrary File Upload
The plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the /includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious files that can be used to obtain remote code...
WordPress Ninja Forms File Uploads Extension premium plugin <= 3.3.0 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by Muhammad Zeeshan Xib3rR4dAr in WordPress Ninja Forms File Uploads Extension premium plugin versions <= 3.3.0. Solution: Update the WordPress Ninja Forms File Uploads Extension premium plugin to the latest available version at least...
WordPress Ninja Forms File Uploads Extension premium plugin <= 3.3.12 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Nuno Correia Blaze Security in WordPress Ninja Forms File Uploads Extension premium plugin versions <= 3.3.12. Solution: Update the WordPress Ninja Forms File Uploads Extension premium plugin to the latest available version at least...