277 matches found
CVE-2021-37794
A stored cross-site scripting XSS vulnerability exists in FileBrowser v2.16.0 that allows an authenticated user authorized to upload a malicious .svg file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger malicious OS commands on the...
Cross site scripting
A stored cross-site scripting XSS vulnerability exists in FileBrowser v2.16.0 that allows an authenticated user authorized to upload a malicious .svg file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger malicious OS commands on the...
CVE-2021-37794
A stored cross-site scripting XSS vulnerability exists in FileBrowser v2.16.0 that allows an authenticated user authorized to upload a malicious .svg file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger malicious OS commands on the...
CVE-2021-37794
CVE-2021-37794 affects FileBrowser
FileBrowser 跨站脚本漏洞
FileBrowser is an open source web file browser . Provides a file management interface in a specified directory , can be used to upload , delete , preview , rename and edit your files . FileBrowser suffers from a cross-site scripting vulnerability that is caused by improper validation of...
CMSimple 5.2 - (External) Stored XSS Vulnerability
Exploit Title: CMSimple 5.2 - 'External' Stored XSS Exploit Author: Quadron Research Lab Version: CMSimple 5.2 Tested on: Windows 10 x64 HUN/ENG Professional Vendor: https://www.cmsimple.org/en/ Description The CMSimple 5.2 allow stored XSS via the Settings CMS Filebrowser "External:" input field...
Code injection
Jaws through 1.8.0 allows remote authenticated administrators to execute arbitrary code via crafted use of admin.php?reqGadget=Components&reqAction=InstallGadget&comp=FileBrowser and admin.php?reqGadget=FileBrowser&reqAction=Files to upload a .php file. NOTE: this is unrelated to the JAWS aka Job...
CVE-2020-35656
CVE-2020-35656 affects Jaws (CMS) up to version 1.8.0. The vulnerability arises from crafted requests to admin.php?reqGadget=Components&reqAction=InstallGadget&comp=FileBrowser and admin.php?reqGadget=FileBrowser&reqAction=Files, which allow an authenticated administrator to upload a .php file an...
CVE-2013-1420
Multiple cross-site scripting XSS vulnerabilities in GetSimple CMS before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the 1 id parameter to backup-edit.php; 2 title or 3 menu parameter to edit.php; or 4 path or 5 returnid parameter to filebrowser.php in admin/. NOTE: t...
Seagate NAS OS Path Traversal Vulnerability
Seagate NAS OS is a NAS Network Attached Storage operating system from Seagate, Inc. filebrowser is one of the file browsers. A path traversal vulnerability exists in the filebrowser in Seagate NAS OS version 4.3.15.1. The vulnerability stems from a failure of a network system or product to...
CVE-2018-12303
Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via directory names...
Cross site scripting
Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via uploaded file names...
Directory traversal
Directory Traversal in filebrowser in Seagate NAS OS 4.3.15.1 allows attackers to read files within the application's container via a URL path...
Cross site scripting
Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via directory names...
CVE-2018-12298
Directory Traversal in filebrowser in Seagate NAS OS 4.3.15.1 allows attackers to read files within the application's container via a URL path...
CVE-2018-12303
An XSS vulnerability in Seagate NAS OS filebrowser (version 4.3.15.1) allows attackers to inject and execute JavaScript via directory names. This is described across multiple sources (CVE-2018-12303). The connected records confirm the affected product and vulnerability class but do not provide ex...
CVE-2018-12303
Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via directory names...
CVE-2018-12299
CVE-2018-12299 relates to a cross-site scripting (XSS) vulnerability in Seagate NAS OS 4.3.15.1 filebrowser. The issue arises because uploaded file names can trigger JavaScript execution in the browser, enabling an attacker to perform actions in a victim’s session. The available connected documen...
CVE-2018-12299
Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via uploaded file names...
CVE-2019-1000024
OPT/NET BV NG-NetMS version v3.6-2 and earlier versions contains a Cross Site Scripting XSS vulnerability in /js/libs/jstree/demo/filebrowser/index.php page. The "id" and "operation" GET parameters can be used to inject arbitrary JavaScript which is returned in the page's response that can result...