941 matches found
CVE-2020-9012
A cross-site scripting (XSS) vulnerability in the Import People functionality in Gluu Identity Configuration 4.0 allows remote attackers to inject arbitrary web script or HTML via the filename parameter...
PT-2020-6675
Name of the Vulnerable Software and Affected Versions: Ansible Engine versions 2.9.x before 2.9.3; Ansible Engine versions 2.8.x before 2.8.8; Ansible Engine versions 2.7.x before 2.7.16 and earlier. Description: The issue is related to the nxos_file_copy module in Ansible, which can be used to copy...
Ansible: malicious code could craft filename in nxos_file_copy module
A vulnerability in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues...
Cross-Site Scripting (XSS)
fileview is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a user's browser via the filename parameter as there was no validation and sanitization on filenames...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php...
CVE-2014-4535
CVE-2014-4535 is a cross-site scripting vulnerability in WordPress Import Legacy Media plugin (versions = 0.1 (or patch) as indicated by the sources. If exploitation details are not provided in a given document, they are not assumed here.
CVE-2014-4544
Cross-site scripting (XSS) vulnerability in the Podcast Channels plugin 0.20 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the Filename parameter to getid3/demos/demo.write.php...
CVE-2014-4539
Cross-site scripting (XSS) vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php...
CVE-2014-4539
CVE-2014-4539: A cross-site scripting (XSS) flaw in the WordPress Movies plugin (versions 0.6 and earlier) exists due to insufficient validation in the filename parameter of getid3/demos/demo.mimeonly.php. This allows remote attackers to inject arbitrary script/HTML, potentially executing code i...
The vulnerability of the Web Time and Expense interface of the integrated enterprise management system Microsoft Dynamics NAV allows a malicious individual to gain unauthorized access to arbitrary reports.
The vulnerability of the Web Time and Expense interface of the integrated enterprise management system Microsoft Dynamics NAV is related to the insecure direct object reference (IDOR). Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to arbitrar...
VulnCheck KEV: CVE-2013-5912
VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 build 2995 allows remote attackers to execute arbitrary code via a URL in the fileName parameter during an importFile action...
Parallels Plesk Panel Cross-Site Scripting Vulnerability (CNVD-2020-41525)
Parallels Plesk Panel is a control panel for the Plesk web hosting platform from Parallels USA. A cross-site scripting vulnerability exists in Parallels Plesk Panel version 9.5 in target/locales/tr-TR/help/index.htm? that can be exploited to inject JavaScript via the "fileName" parameter...
CVE-2019-17523
An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the FileName parameter to /FTPDiag.asp...
Cross site scripting
An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the FileName parameter to /FTPDiag.asp...
OpenEMR Path Traversal Vulnerability
OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. A path traversal vulnerability exists in the 'fileName' parameter of the...
CVE-2019-16123
In Kartatopia PilusCart 1.4.1, the parameter filename in the file catalog.php is mishandled, leading to ../ Local File Disclosure...
CVE-2019-16123
PilusCart <=1.4.1 is affected by a Local File Inclusion in catalog.php due to mis-handling of the filename parameter, allowing disclosure of sensitive files via path traversal (../). The issue is documented in multiple sources (NVD entry CVE-2019-16123; Nuclei template: PilusCart =1.4.2 or app...