88 matches found
CVE-2023-28459
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export, a non-default feature. Users were able to upload crafted HTML documents that trigger the reading of arbitrary files...
CVE-2023-28459
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export, a non-default feature. Users were able to upload crafted HTML documents that trigger the reading of arbitrary files...
CVE-2023-28458
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export, a non-default feature. Organizers can trigger the overwriting, with the standard pretalx 404 page content, of an arbitrary file...
CVE-2023-28458
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export, a non-default feature. Organizers can trigger the overwriting, with the standard pretalx 404 page content, of an arbitrary file...
PYSEC-2023-40
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export, a non-default feature. Organizers can trigger the overwriting, with the standard pretalx 404 page content, of an arbitrary file...
PYSEC-2023-41
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export, a non-default feature. Users were able to upload crafted HTML documents that trigger the reading of arbitrary files...
Path traversal
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export, a non-default feature. Users were able to upload crafted HTML documents that trigger the reading of arbitrary files...
PYSEC-2023-40
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export, a non-default feature. Organizers can trigger the overwriting, with the standard pretalx 404 page content, of an arbitrary file...
Path traversal
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export, a non-default feature. Organizers can trigger the overwriting, with the standard pretalx 404 page content, of an arbitrary file...
EUVD-2023-0205
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export, a non-default feature. Organizers can trigger the overwriting, with the standard pretalx 404 page content, of an arbitrary file...
PYSEC-2023-41
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export, a non-default feature. Users were able to upload crafted HTML documents that trigger the reading of arbitrary files...
Stored Cross-Site Scripting (XSS)
thorsten/phpmyfaq is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to a lack of sanitization when generating an HTML export...
PT-2023-21732 · Pretalx · Pretalx
Name of the Vulnerable Software and Affected Versions: pretalx versions 2.3.1 through 2.3.1 Description: The issue allows path traversal in HTML export, a non-default feature. Users can upload crafted HTML documents that trigger the reading of arbitrary files. Recommendations: For pretalx version...
CVE-2023-28458
CVE-2023-28458 affects Pretalx up to version 2.3.1, where path traversal in the HTML export feature can allow overwriting an arbitrary file with the standard 404 page content. The vulnerability is documented with multiple sources confirming a limited file-write condition that can lead to a broade...
CVE-2023-28458
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export, a non-default feature. Organizers can trigger the overwriting, with the standard pretalx 404 page content, of an arbitrary file...
CVE-2023-28458
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export, a non-default feature. Organizers can trigger the overwriting, with the standard pretalx 404 page content, of an arbitrary file...
PT-2023-21731 · Pretalx · Pretalx
Name of the Vulnerable Software and Affected Versions: pretalx versions 2.3.1 through 2.3.1 Description: The issue allows path traversal in HTML export, a non-default feature. Organizers can trigger the overwriting of an arbitrary file with the standard pretalx 404 page content. Recommendations:...
CVE-2023-28459
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export, a non-default feature. Users were able to upload crafted HTML documents that trigger the reading of arbitrary files...
CVE-2023-28459
Pretalx 2.3.1 up to 2.3.2 is vulnerable to path traversal in the HTML export feature. Crafted HTML documents uploaded for the non-default HTML export path can cause arbitrary file reads. The issue is tied to how the export package includes files referenced by HTML tags without proper path validat...
CVE-2023-28459
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export, a non-default feature. Users were able to upload crafted HTML documents that trigger the reading of arbitrary files...