
3576 matches found

OSV
added 2025/12/18 8:15 p.m., 3 views

CVE-2022-50685

A stored cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts via XML file uploads as page attachments or metafiles. Attackers can upload malicious XML files that enable stored XSS, allowing malicious scripts to execute in users' browsers...

5.4 CVSS, 5.8 AI score
Exploits: 0, References: 2
Cvelist
added 2025/12/18 7:53 p.m., 18 views

CVE-2022-50685 Kentico Xperience <= 13.0.56 File Upload Stored XSS

A stored cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts via XML file uploads as page attachments or metafiles. Attackers can upload malicious XML files that enable stored XSS, allowing malicious scripts to execute in users' browsers...

5.4 CVSS, 0.00138 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2025/12/18 7:53 p.m., 2 views

CVE-2022-50685 Kentico Xperience <= 13.0.56 File Upload Stored XSS

A stored cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts via XML file uploads as page attachments or metafiles. Attackers can upload malicious XML files that enable stored XSS, allowing malicious scripts to execute in users' browsers...

5.4 CVSS, 5.9 AI score, 0.00138 EPSS
Exploits: 0, References: 2
CNNVD
added 2025/12/18 12:0 a.m., 3 views

WordPress plugin WP Webhooks Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

9 CVSS, 6.6 AI score, 0.00236 EPSS
Exploits: 0, References: 1
CNNVD
added 2025/12/18 12:0 a.m., 2 views

Kentico Xperience Cross-Site Scripting Vulnerability

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...

5.4 CVSS, 5.9 AI score, 0.00138 EPSS
Exploits: 0, References: 2
CNVD
added 2025/12/18 12:0 a.m., 4 views

Computer Laboratory System admin_pic.php File Upload Vulnerability

Computer Laboratory System is a computer laboratory system. Computer Laboratory System has a file upload vulnerability that originates from the mishandling of the image parameter by an unknown handler function in the /admin/adminpic.php file. An attacker can exploit this vulnerability to upload...

7.2 CVSS, 5.2 AI score, 0.00337 EPSS
Exploits: 1, References: 1
CNNVD
added 2025/12/18 12:0 a.m., 2 views

WordPress plugin WordPress Contact Form 7 PDF Security Vulnerability

...

9.9 CVSS, 5.8 AI score, 0.00272 EPSS
Exploits: 0, References: 1
CNNVD
added 2025/12/18 12:0 a.m., 4 views

Kentico Xperience Code Issue Vulnerability

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a file upload vulnerability that stems from a lack of proper validation of uploaded files in the MVC form file upload component. The vulnerability can be exploited to remotely execute arbitrary code by...

8.8 CVSS, 6.2 AI score, 0.00288 EPSS
Exploits: 0, References: 2
CNNVD
added 2025/12/16 12:0 a.m., 4 views

FileRise Cross-Site Scripting Vulnerability

FileRise is a lightweight, self-hosted web-based file manager by Ryan Personal Developer. A cross-site scripting vulnerability exists in FileRise versions prior to 2.7.1, which stems from insecure handling of user uploaded files and could lead to a stored cross-site scripting attack...

8.9 CVSS, 5.8 AI score, 0.00223 EPSS
Exploits: 1, References: 1
CNNVD
added 2025/12/14 12:0 a.m., 3 views

Code-Projects Computer Laboratory System Code Issue Vulnerability

Computer Laboratory System is a computer laboratory system. Computer Laboratory System has a file upload vulnerability that originates from a misbehavior of the parameter image in the file technicalstaffpic.php, which can be exploited by an attacker to cause an arbitrary file upload...

7.2 CVSS, 5.2 AI score, 0.00337 EPSS
Exploits: 1, References: 6
EUVD
added 2025/12/13 6:30 p.m., 4 views

EUVD-2025-203227

The WP3D Model Import Viewer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handleimportfile function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Author-level access and above, to...

8.8 CVSS, 6.8 AI score, 0.00433 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2025/12/13 12:0 a.m., 3 views

PT-2025-51062

Name of the Vulnerable Software and Affected Versions: WP3D Model Import Viewer plugin for WordPress versions through 1.0.7. Description: The WP3D Model Import Viewer plugin for WordPress is susceptible to arbitrary file uploads. This is due to a lack of file type validation within the handle import...

8.8 CVSS, 7.4 AI score, 0.00433 EPSS
Exploits: 0, References: 7
Cvelist
added 2025/12/12 6:32 a.m., 29 views

CVE-2025-12570 Fancy Product Designer <= 6.4.8 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload

The Fancy Product Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping in the data-to-image.php and pdf-to-image.php files. This makes it possible for...

7.2 CVSS, 0.00213 EPSS
Exploits: 0, References: 2
EUVD
added 2025/12/12 6:31 a.m., 3 views

EUVD-2025-202999

The URL Media Uploader plugin for WordPress is vulnerable to unauthorized safe file uploads due to a missing capability check on the urlmediauploaderurluploadajaxhandler function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Contributor-leve...

4.3 CVSS, 4.8 AI score, 0.00196 EPSS
Exploits: 0, References: 5
EUVD
added 2025/12/12 6:31 a.m., 3 views

EUVD-2025-203000

The Infility Global plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in all versions up to, and including, 2.14.23. This is due to the uploadfile function in the infilityimportfile class only validating the MIME type which can ...

8.8 CVSS, 6.7 AI score, 0.00495 EPSS
Exploits: 0, References: 3
CNNVD
added 2025/12/11 12:0 a.m., 3 views

SourceCodester Real Estate Property Listing App Security Vulnerability

SourceCodester Real Estate Property Listing App is an open source real estate listing application from SourceCodester. A security vulnerability exists in version 1.0 of the SourceCodester Real Estate Property Listing App, which stems from an incorrect manipulation of the parameter image in file...

7.2 CVSS, 5 AI score, 0.00384 EPSS
Exploits: 1, References: 5
NCSC
added 2025/12/10 1:34 p.m., 8 views

Vulnerabilities fixed in Adobe ColdFusion

Adobe has fixed vulnerabilities in ColdFusion, specifically for versions 25.4, 23.16, 21.22 and earlier. The vulnerabilities are in the way ColdFusion handles file uploads, input validation, and data access. Users with high privileges can execute unauthorized code or access sensitive data without...

9.1 CVSS, 7.3 AI score, 0.08453 EPSS
Exploits: 0, References: 1
NVD
added 2025/12/10 10:16 a.m., 7 views

CVE-2025-14390

The Video Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in version = 5.0.4. This is due to missing or incorrect nonce validation on the videomerchantaddvideofile function. This makes it possible for unauthenticated attackers to upload arbitrary files that make remote...

8.8 CVSS, 0.00376 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2025/12/10 12:0 a.m., 6 views

PT-2025-50528

Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5. Description: The application contains a remote code execution issue accessible to authenticated administrative users. An attacker can upload malicious PHP files through the filemanager upload endpoint. Successful...

8.6 CVSS, 8 AI score, 0.00821 EPSS
Exploits: 1, References: 6
CNNVD
added 2025/12/08 12:0 a.m., 4 views

CampCodes Retro Basketball Shoes Online Store Security Vulnerability

CampCodes Retro Basketball Shoes Online Store is an online store for retro basketball shoes from CampCodes, Inc. A security vulnerability exists in Campcodes Retro Basketball Shoes Online Store version 1.0, which stems from incorrect manipulation of the parameter productimage in the file...

7.2 CVSS, 5 AI score, 0.00286 EPSS
Exploits: 1, References: 5