108 matches found
CVE-2025-14632 Filr – Secure document library <= 1.2.11 - Authenticated (Administrator+) Stored Cross-Site Scripting via HTML Upload
The Filr – Secure document library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via unrestricted file upload in all versions up to, and including, 1.2.11 due to insufficient file type restrictions in the FILRUploader class. This makes it possible for authenticated attackers,...
CVE-2023-53901
WBCE CMS 1.6.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML and CSS to capture user keystrokes. Attackers can upload a crafted HTML file with CSS-based keylogging techniques to intercept password characters through background image requests...
CVE-2025-65027 RomM Chained XSS and CSRF Vulnerabilities Enable Admin Account Takeover
RomM ROM Manager allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. RomM contains multiple unrestricted file upload vulnerabilities that allow authenticated users to upload malicious SVG or HTML files. When these files are accessed the...
CVE-2025-63307
alexusmai laravel-file-manager 3.3.1 is vulnerable to Cross-Site Scripting (XSS). The application permits user-controlled upload, create, and rename of files to HTML and SVG types and serves those files inline without adequate content-type validation or output sanitization...
Laravel File Manager Security Vulnerability
Laravel File Manager is a Laravel file manager by individual developer Aleksandr Manekin. A security vulnerability exists in Laravel File Manager version 3.3.1, which stems from allowing users to upload, create, and rename HTML and SVG type files without adequate content type validation or output...
CVE-2025-62618
ELOG allows an authenticated user to upload arbitrary HTML files. The HTML content is executed in the context of other users when they open the file. Because ELOG includes usernames and password hashes in certain HTTP requests, an attacker can obtain the target's credentials and replay them or...
CVE-2025-62618
ELOG (Electronic Logbook) up to version 3.1.5-20251014 is vulnerable: authenticated users can upload arbitrary HTML files, which are executed in other users’ contexts, exposing usernames and password hashes and enabling credential theft or offline cracking. In the 3.1.5-20251014 release, HTML fil...
ELOG multiple vulnerabilities
Risk evaluation: ELOG, the Electronic Logbook package, contains multiple vulnerabilities. Regardless of configuration, low-privileged attackers can modify user profiles, escalate privileges, and deny access to ELOG. If the execute facility is specifically enabled with the "-x" command line flag,...
PT-2025-44664
Name of the Vulnerable Software and Affected Versions: ELOG versions prior to 3.1.5-20251014. Description: ELOG allows an authenticated user to upload arbitrary HTML files. The HTML content is executed in the context of other users when they open the file. The application includes usernames and...
CVE-2025-62421
DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a stored cross-site scripting vulnerability exists due to improper file upload validation and authentication bypass. The StaticResourceApi interface defines a route upload/fileId that uses a URL path...
EUVD-2018-8204
Malware in sbrugna...
EUVD-2021-0194
Malware in sbrugna...
EUVD-2023-2924
Malicious code in bioql PyPI...
EUVD-2021-28800
Malicious code in bioql PyPI...
EUVD-2023-0672
Malicious code in bioql PyPI...
EUVD-2025-28234
Malicious code in bioql PyPI...
CVE-2025-44593
Halo before version 2.20.13 is affected by a vulnerability where file type detection can be bypassed, allowing upload of malicious files such as .exe and .html. The upload of .html files can trigger stored XSS. This issue is fixed in 2.20.13. Affected product/versions are Halo prior to 2.20.13; r...
CVE-2025-56236
FormCms v0.5.5 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload feature. Authenticated users can upload .html files containing malicious JavaScript, which are accessible via a public URL. When a privileged user accesses the file, the script executes in their browser...