
85 matches found

CNNVD
added 2023/11/17 12:0 a.m. · 4 views

PortlandLabs Concrete CMS Cross-Site Scripting Vulnerability

PortlandLabs Concrete CMS is a team-oriented open source content management system from the US company PortlandLabs. Concrete CMS versions before 8.5.13 and before 9.2.2 contain a cross-site scripting vulnerability that stems from the administration page of the...

5.4 CVSS · 6.2 AI score · 0.00587 EPSS
Exploits 0 · References 6

Positive Technologies
added 2023/07/08 12:0 a.m. · 3 views

PT-2023-25222 · Teampass · Teampass

Name of the Vulnerable Software and Affected Versions: TeamPass versions prior to 3.0.10 Description: The issue is related to improper encoding or escaping of output, which can lead to cross-site scripting filter bypass in folder names, potentially resulting in information disclosure...

7.6 CVSS · 5.9 AI score · 0.00468 EPSS
Exploits 1 · References 9

Positive Technologies
added 2023/06/06 12:0 a.m. · 3 views

PT-2023-14815 · Syncthing +2 · Syncthing +2

Name of the Vulnerable Software and Affected Versions: Syncthing versions prior to 1.23.5 Description: The issue concerns a stored cross-site scripting attack in Syncthing, an open-source continuous file synchronization program. A compromised instance with shared folders could sync malicious file...

7.5 CVSS · 7.2 AI score · 0.0197 EPSS
Exploits 1 · References 29

OSV
added 2023/04/28 3:30 p.m. · 13 views

GHSA-474F-MCJV-PGRM Concrete CMS (previously concrete5) is vulnerable to stored XSS in uploaded file and folder names

Concrete CMS previously concrete5 before 9.1 is vulnerable to Stored XSS in uploaded file and folder names...

3.5 CVSS · 5.1 AI score · 0.0064 EPSS
Exploits 0 · References 6

ATTACKERKB
added 2023/04/28 2:15 p.m. · 5 views

CVE-2023-28819

Concrete CMS previously concrete5 versions 8.5.12 and below, 9.0.0 through 9.0.2 is vulnerable to Stored XSS in uploaded file and folder names...

5.4 CVSS · 5.9 AI score · 0.0064 EPSS
Exploits 0 · References 4

OSV
added 2023/04/28 2:15 p.m. · 16 views

CVE-2023-28819

Concrete CMS previously concrete5 versions 8.5.12 and below, 9.0.0 through 9.0.2 is vulnerable to Stored XSS in uploaded file and folder names...

5.4 CVSS · 5.9 AI score
Exploits 0 · References 3

Positive Technologies
added 2023/04/28 12:0 a.m. · 5 views

PT-2023-21987 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS previously concrete5 versions 8.5.12 and below Concrete CMS previously concrete5 versions 9.0.0 through 9.0.2 Description: The issue is related to Stored XSS in uploaded file and folder names. Recommendations: For Concrete CMS...

5.4 CVSS · 5.1 AI score · 0.0064 EPSS
Exploits 0 · References 11

OSV
added 2023/02/21 9:15 a.m. · 3 views

CVE-2023-0285

The Real Media Library WordPress plugin before 4.18.29 does not sanitise and escape the created folder names, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks...

5.4 CVSS · 6.7 AI score · 0.00457 EPSS
Exploits 2 · References 1

Vulnrichment
added 2023/02/21 8:50 a.m. · 5 views

CVE-2023-0285 Real Media Library < 4.18.29 - Author+ Stored XSS

The Real Media Library WordPress plugin before 4.18.29 does not sanitise and escape the created folder names, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks...

5.3 AI score · 0.00457 EPSS
Exploits 2 · References 1

OSV
added 2022/05/24 5:26 p.m. · 15 views

GHSA-G2X4-256V-5PVX Codiad Cross-site Scripting Vulnerability

A Cross Site Scripting XSS vulnerability was found in Codiad v1.7.8 and later. The vulnerability occurs because of improper sanitization of the folder's name $path variable in components/filemanager/class.filemanager.php. NOTE: the vendor states "Codiad is no longer under active maintenance by co...

6.1 CVSS · 6 AI score · 0.01172 EPSS
Exploits 1 · References 5

OSV
added 2022/03/10 9:15 p.m. · 27 views

CVE-2021-41233

Nextcloud text is a collaborative document editing using Markdown built for the nextcloud server. Due to an issue with the Nextcloud Text application, which is by default shipped with Nextcloud Server, an attacker is able to access the folder names of "File Drop". For successful exploitation an...

5.3 CVSS · 6.7 AI score
Exploits 0 · References 2

Prion
added 2022/03/10 9:15 p.m. · 23 views

Code injection

Nextcloud text is a collaborative document editing using Markdown built for the nextcloud server. Due to an issue with the Nextcloud Text application, which is by default shipped with Nextcloud Server, an attacker is able to access the folder names of "File Drop". For successful exploitation an...

4.3 CVSS · 5.2 AI score · 0.00758 EPSS
Exploits 0 · References 2 · Affected Software 1

ATTACKERKB
added 2022/02/09 5:15 a.m. · 4 views

CVE-2022-24694

In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders. Only folder names are affected. Neither file names nor file contents are affected...

4.3 CVSS · 5.8 AI score · 0.00756 EPSS
Exploits 1 · References 3

NVD
added 2022/02/09 5:15 a.m. · 10 views

CVE-2022-24694

In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders. Only folder names are affected. Neither file names nor file contents are affected...

4.3 CVSS · 0.00756 EPSS
Exploits 1 · References 2

Prion
added 2022/02/09 5:15 a.m. · 11 views

Design/Logic Flaw

In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders. Only folder names are affected. Neither file names nor file contents are affected...

4 CVSS · 4.6 AI score · 0.00756 EPSS
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2022/02/09 4:31 a.m. · 20 views

CVE-2022-24694

In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders. Only folder names are affected. Neither file names nor file contents are affected...

4.8 AI score · 0.00756 EPSS
Exploits 1 · References 2

Prion
added 2021/10/08 4:15 p.m. · 17 views

Authorization

Tad Uploader edit book list function is vulnerable to authorization bypass, thus remote attackers can use the function to amend the folder names in the book list without logging in...

5 CVSS · 5.3 AI score · 0.00999 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2021/10/08 3:15 p.m. · 15 views

CVE-2021-41976 Tad Uploader - Improper Authorization

Tad Uploader edit book list function is vulnerable to authorization bypass, thus remote attackers can use the function to amend the folder names in the book list without logging in...

5.3 CVSS · 5.5 AI score · 0.00999 EPSS
Exploits 0 · References 1

CNNVD
added 2021/10/08 12:0 a.m. · 2 views

Tad Uploader Access Control Error Vulnerability

Tad Uploader is a file upload management module from the individual developers of Tad in Taiwan, China. An authorization issue vulnerability exists in Tad Uploader, which remote attackers could exploit to modify the names of folders in a book list using this feature without logging in...

5.3 CVSS · 5.8 AI score · 0.00999 EPSS
Exploits 0 · References 2

Prion
added 2021/08/30 7:15 p.m. · 16 views

Cross site scripting

The WordPress Real Media Library WordPress plugin is vulnerable to Stored Cross-Site Scripting via the name parameter in the /inc/overrides/lite/rest/Folder.php file which allows author-level attackers to inject arbitrary web scripts in folder names, in versions up to and including 4.14.1...

3.5 CVSS · 5.2 AI score · 0.0056 EPSS
Exploits 0 · References 1 · Affected Software 1