CVE-2013-1420

Multiple cross-site scripting XSS vulnerabilities in GetSimple CMS before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the 1 id parameter to backup-edit.php; 2 title or 3 menu parameter to edit.php; or 4 path or 5 returnid parameter to filebrowser.php in admin/. NOTE: t...

Seagate NAS OS Path Traversal Vulnerability

Seagate NAS OS is a NAS Network Attached Storage operating system from Seagate, Inc. filebrowser is one of the file browsers. A path traversal vulnerability exists in the filebrowser in Seagate NAS OS version 4.3.15.1. The vulnerability stems from a failure of a network system or product to...

Directory traversal

Directory Traversal in filebrowser in Seagate NAS OS 4.3.15.1 allows attackers to read files within the application's container via a URL path...

CVE-2018-12298

Directory Traversal in filebrowser in Seagate NAS OS 4.3.15.1 allows attackers to read files within the application's container via a URL path...

Cross site scripting

Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via directory names...

Cross site scripting

Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via uploaded file names...

CVE-2018-12303

Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via directory names...

CVE-2018-12303

An XSS vulnerability in Seagate NAS OS filebrowser (version 4.3.15.1) allows attackers to inject and execute JavaScript via directory names. This is described across multiple sources (CVE-2018-12303). The connected records confirm the affected product and vulnerability class but do not provide ex...

CVE-2018-12303

Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via directory names...

CVE-2018-12299

CVE-2018-12299 relates to a cross-site scripting (XSS) vulnerability in Seagate NAS OS 4.3.15.1 filebrowser. The issue arises because uploaded file names can trigger JavaScript execution in the browser, enabling an attacker to perform actions in a victim’s session. The available connected documen...

CVE-2018-12299

Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via uploaded file names...

CVE-2019-1000024

OPT/NET BV NG-NetMS version v3.6-2 and earlier versions contains a Cross Site Scripting XSS vulnerability in /js/libs/jstree/demo/filebrowser/index.php page. The "id" and "operation" GET parameters can be used to inject arbitrary JavaScript which is returned in the page's response that can result...

Cross site scripting

OPT/NET BV NG-NetMS version v3.6-2 and earlier versions contains a Cross Site Scripting XSS vulnerability in /js/libs/jstree/demo/filebrowser/index.php page. The "id" and "operation" GET parameters can be used to inject arbitrary JavaScript which is returned in the page's response that can result...

Directory traversal

The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated file disclosure if the plugin "filebrowser" is installed, because of assets/php/filebrowser/filebrowser.main.php?file=../ directory traversal...

CVE-2018-13980

The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated file disclosure if the plugin "filebrowser" is installed, because of assets/php/filebrowser/filebrowser.main.php?file=../ directory traversal...

CVE-2018-13980

CVE-2018-13980 affects Zeta Producer Desktop CMS <14.2.1. The vulnerability is Local File Inclusion via the filebrowser plugin, exploiting assets/php/filebrowser/filebrowser.main.php?file=../ directory traversal. Resulting impact is unauthenticated local file disclosure on websites built with ...

CVE-2018-13980

The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated file disclosure if the plugin "filebrowser" is installed, because of assets/php/filebrowser/filebrowser.main.php?file=../ directory traversal...

Zeta Producer Desktop CMS 14.2.0 - Remote Code Execution Local File Disclosure

Zeta Producer Desktop CMS 14.2.0 - Remote Code Execution Local File Disclosure SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Remote Code Execution & Local File Disclosure product: Zeta Producer Desktop CMS vulnerable...

Zeta Producer Desktop CMS 14.2.0 Code Execution / File Disclosure

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Remote Code Execution & Local File Disclosure product: Zeta Producer Desktop CMS vulnerable version: =14.2.1 CVE number: CVE-2018-13981, CVE-2018-13980 impact: critical...

Unauthorized Modification

The filebrowser-safe library is vulnerable to unauthorized modification attacks. filebrowser-safe has a directory traversal issue which allows an authenticated administrative level user to rename or delete files under the static directory, above the filebrowser uploads directory. This level of...