CVE-2023-42180
An arbitrary file upload vulnerability in the /user/upload component of lenosp 1.0-1.2.0 allows attackers to execute HTML code via a crafted JPG file...
Lenosp Code Issues Vulnerabilities
Lenosp is a Spring Boot 2.0 rapid development modular scaffolding organized by Zhengzhou Programmers zzdevelop in China. A security vulnerability exists in Lenosp versions 1.0.0 to 1.2.0. The vulnerability stems from an arbitrary file upload vulnerability in the /user/upload component, which allo...
Pimcore contains Unrestricted Upload of File with Dangerous Type
Impact: The upload functionality for updating the user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid signature (e.g. GIF89) and sending any invalid content-type. This could allow an authenticated attacker to uplo...
Sanitize Cross-Site Scripting Vulnerability
Sanitize is an HTML and CSS cleaner by Ryan Grove, an individual developer in the United States, which supports removing HTML, CSS, etc. from strings. A cross-site scripting vulnerability exists in Sanitize version 5.0.0 up to versions prior to 6.0.1. An attacker exploited the vulnerability to...
CVE-2022-47102
A cross-site scripting (XSS) vulnerability in Student Study Center Management System V 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter...
File Upload Type Validation Error
Description: The upload functionality does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid signature (e.g. GIF89) and sending any invalid content-type. This could allow an authenticated attacker to upload HTML files with JS...
Cross site scripting
Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in EndUserSummary page. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the...
Design/Logic Flaw
Wire is a secure messaging application. Wire is vulnerable to arbitrary HTML and Javascript execution via insufficient escaping when rendering @mentions in the wire-webapp. If a user receives and views a malicious message, arbitrary code is injected and executed in the context of the victim...
CVE-2022-29168 Cross Site Scripting in Wire Messages
Wire is a secure messaging application. Wire is vulnerable to arbitrary HTML and Javascript execution via insufficient escaping when rendering @mentions in the wire-webapp. If a user receives and views a malicious message, arbitrary code is injected and executed in the context of the victim...
GHSA-W969-PQ6X-267J INTER-Mediator Cross-Site Scripting (XSS)
Multiple Cross-Site Scripting (XSS) issues were discovered in INTER-Mediator 5.5. The vulnerabilities exist due to insufficient filtration of user-supplied data (the c and cred parameters) passed to the "INTER-Mediator-master/AuthSupport/PasswordReset/resetpassword.php" URL. An attacker could execute arbitrary HTML...
PluXml Security Vulnerability
PluXml is a free and open source content management system that does not require a database to work. PluXml suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML...
Lansweeper Cross-Site Scripting Vulnerability
Lansweeper is an IT asset management system from Lansweeper Belgium. The system includes features such as IT asset discovery, network settings scanning, etc. A cross-site scripting vulnerability exists in Lansweeper 9.1.20.2, which stems from a failure to adequately clean user-supplied data in...
Design/Logic Flaw
Insufficient filtering of the tag parameters in feehicms 0.1.3 allows attackers to execute arbitrary web script or HTML via a crafted payload...
CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2021-48501)
CMS Made Simple (CMSMS) is an open source content management system that provides developers, programmers, and website owners with a web-based development and management interface. A stored cross-site scripting vulnerability exists in CMS Made Simple version 2.2.14, which can be...
Catfish CMS Cross-Site Scripting Vulnerability (CNVD-2021-49051)
Catfish CMS is an open source and free PHP web content management system. A cross-site scripting vulnerability exists in Catfish CMS version 4.9.90. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via the announcement (gonggao) parameter...
Moodle cross-site scripting vulnerability (CNVD-2021-43377)
Moodle is a learning platform designed to provide educators, administrators, and learners with a powerful, secure, and integrated system for creating personalized learning environments. A cross-site scripting vulnerability exists in Moodle version 3.10.3. The vulnerability can be exploited by a...
CVE-2021-32671
Flarum is a forum software for building communities. Flarum's translation system allowed string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16, our last beta before v1.0.0, and was not noticed or documented. This allowed any user to type...
CVE-2021-26549
An XSS issue was discovered in SmartFoxServer 2.17.0. Input passed to the AdminTool console is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site...
Wing FTP Cross-Site Scripting Vulnerability
Wing FTP Server is a cross-platform FTP server software. A cross-site scripting vulnerability exists in Wing FTP version 6.4.4, where an arbitrary IFRAME element can be included in a help page via a specially crafted link, which can be exploited by an attacker to execute sandbox arbitrary HTML an...