85 matches found
PortlandLabs Concrete CMS Cross-Site Scripting Vulnerability
PortlandLabs Concrete CMS is a team-oriented open source content management system from the US company PortlandLabs. PortlandLabs Concrete CMS versions before 8.5.13 and before 9.2.2 contain a cross-site scripting vulnerability; the vulnerability stems from the administration page of the...
PT-2023-25222 · Teampass · Teampass
Name of the Vulnerable Software and Affected Versions: TeamPass versions prior to 3.0.10 Description: The issue is related to improper encoding or escaping of output, which can lead to cross-site scripting filter bypass in folder names, potentially resulting in information disclosure...
PT-2023-14815 · Syncthing +2 · Syncthing +2
Name of the Vulnerable Software and Affected Versions: Syncthing versions prior to 1.23.5 Description: The issue concerns a stored cross-site scripting attack in Syncthing, an open-source continuous file synchronization program. A compromised instance with shared folders could sync malicious file...
GHSA-474F-MCJV-PGRM Concrete CMS (previously concrete5) is vulnerable to stored XSS in uploaded file and folder names
Concrete CMS previously concrete5 before 9.1 is vulnerable to Stored XSS in uploaded file and folder names...
CVE-2023-28819
Concrete CMS previously concrete5 versions 8.5.12 and below, 9.0.0 through 9.0.2 is vulnerable to Stored XSS in uploaded file and folder names...
PT-2023-21987 · Unknown · Concrete Cms
Name of the Vulnerable Software and Affected Versions: Concrete CMS previously concrete5 versions 8.5.12 and below; Concrete CMS previously concrete5 versions 9.0.0 through 9.0.2. Description: The issue is related to Stored XSS in uploaded file and folder names. Recommendations: For Concrete CMS...
CVE-2023-0285
The Real Media Library WordPress plugin before 4.18.29 does not sanitise and escape the created folder names, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0285 Real Media Library < 4.18.29 - Author+ Stored XSS
The Real Media Library WordPress plugin before 4.18.29 does not sanitise and escape the created folder names, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks...
GHSA-G2X4-256V-5PVX Codiad Cross-site Scripting Vulnerability
A Cross Site Scripting XSS vulnerability was found in Codiad v1.7.8 and later. The vulnerability occurs because of improper sanitization of the folder's name $path variable in components/filemanager/class.filemanager.php. NOTE: the vendor states "Codiad is no longer under active maintenance by co...
CVE-2021-41233
Nextcloud text is a collaborative document editing using Markdown built for the nextcloud server. Due to an issue with the Nextcloud Text application, which is by default shipped with Nextcloud Server, an attacker is able to access the folder names of "File Drop". For successful exploitation an...
Code injection
Nextcloud text is a collaborative document editing using Markdown built for the nextcloud server. Due to an issue with the Nextcloud Text application, which is by default shipped with Nextcloud Server, an attacker is able to access the folder names of "File Drop". For successful exploitation an...
CVE-2022-24694
In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders. Only folder names are affected. Neither file names nor file contents are affected...
Design/Logic Flaw
In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders. Only folder names are affected. Neither file names nor file contents are affected...
Authorization
Tad Uploader edit book list function is vulnerable to authorization bypass, thus remote attackers can use the function to amend the folder names in the book list without logging in...
CVE-2021-41976 Tad Uploader - Improper Authorization
Tad Uploader edit book list function is vulnerable to authorization bypass, thus remote attackers can use the function to amend the folder names in the book list without logging in...
Tad Uploader Access Control Error Vulnerability
Tad Uploader is a file upload management module from the individual developers of Tad in Taiwan, China. An authorization issue vulnerability exists in Tad Uploader, which could be exploited by remote attackers to modify the names of folders in a booklist using this feature without logging in...
Cross site scripting
The WordPress Real Media Library WordPress plugin is vulnerable to Stored Cross-Site Scripting via the name parameter in the /inc/overrides/lite/rest/Folder.php file which allows author-level attackers to inject arbitrary web scripts in folder names, in versions up to and including 4.14.1...