Lucene search
+L

109 matches found

CVE
CVE
added 2023/07/15 6:41 p.m.51 views

CVE-2023-30791

Plane version 0.7.1-dev is affected: an attacker can change a user’s avatar, enabling upload of files with an HTML extension that are interpreted as HTML and JavaScript. This is described across multiple sources as an insecure avatar-upload path leading to HTML/JS content. Remediation guidance in...

7.1CVSS5.6AI score0.0053EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/07/15 12:0 a.m.9 views

PT-2023-22984 · Plane · Plane

Name of the Vulnerable Software and Affected Versions: Plane version 0.7.1-dev Description: The issue allows an attacker to change the avatar of their profile, enabling the upload of files with HTML extension that can interpret both HTML and JavaScript. Recommendations: For Plane version 0.7.1-de...

7.1CVSS4.5AI score0.0053EPSS
Exploits1References6
CNNVD
CNNVD
added 2023/07/15 12:0 a.m.6 views

Plane 代码问题漏洞

Plane is an open source, self-hosted project planning tool from Plane Open Source. A security vulnerability exists in Plane version 0.7.1-dev, which stems from a vulnerability that allows an attacker to change the avatar of their profile, thereby allowing the upload of files with HTML extensions...

7.1CVSS5.1AI score0.0053EPSS
Exploits1References4
Prion
Prion
added 2023/06/26 8:15 p.m.19 views

Cross site scripting

Cross Site Scripting XSS vulnerability in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev4 allows remote attackers to run arbitrary code via upload of crafted html file...

4.3CVSS5.2AI score0.00592EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/06/26 12:0 a.m.19 views

CVE-2023-27082

Cross Site Scripting XSS vulnerability in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev4 allows remote attackers to run arbitrary code via upload of crafted html file...

5.3AI score0.00592EPSS
Exploits0References1
OSV
OSV
added 2023/06/12 1:15 p.m.5 views

CVE-2023-34855

A Cross Site Scripting XSS vulnerability in Youxun Electronic Equipment Shanghai Co., Ltd AC Centralized Management Platform v1.02.040 allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /upfile.cgi...

4.8CVSS6.1AI score0.00393EPSS
Exploits1References1
Prion
Prion
added 2023/06/12 1:15 p.m.17 views

Cross site scripting

A Cross Site Scripting XSS vulnerability in Youxun Electronic Equipment Shanghai Co., Ltd AC Centralized Management Platform v1.02.040 allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /upfile.cgi...

4.3CVSS5.1AI score0.00393EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/12 12:0 a.m.7 views

CVE-2023-34855

A Cross Site Scripting XSS vulnerability in Youxun Electronic Equipment Shanghai Co., Ltd AC Centralized Management Platform v1.02.040 allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /upfile.cgi...

6.2AI score0.00393EPSS
Exploits1References1
Prion
Prion
added 2023/06/09 8:15 p.m.11 views

Cross site scripting

A Cross Site Scripting XSS vulnerability in D-Link DI-7500G-CI-19.05.29A allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /authpic.cgi...

4.9CVSS5.4AI score0.0063EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/09 12:0 a.m.7 views

CVE-2023-34856

A Cross Site Scripting XSS vulnerability in D-Link DI-7500G-CI-19.05.29A allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /authpic.cgi...

5.4AI score0.0063EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/06/09 12:0 a.m.19 views

CVE-2023-34856

A Cross Site Scripting XSS vulnerability in D-Link DI-7500G-CI-19.05.29A allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /authpic.cgi...

5.6AI score0.0063EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/06/08 12:0 a.m.5 views

PT-2023-24000 · Pydio · Pydio Cells

Name of the Vulnerable Software and Affected Versions: Pydio Cells versions 4.1.2 and earlier Description: The issue allows for cross-site scripting XSS due to the exposure of secrets used to sign presigned URLs for file downloads. These secrets are hardcoded and accessible through the web...

5.4CVSS6.1AI score0.02937EPSS
Exploits4References6
Positive Technologies
Positive Technologies
added 2023/06/04 12:0 a.m.8 views

PT-2023-3552 · D Link · D-Link Di-7500G-Ci

Name of the Vulnerable Software and Affected Versions: D-Link DI-7500G-CI version 19.05.29A Description: A Cross Site Scripting XSS issue allows attackers to execute arbitrary code by uploading a crafted HTML file to the "interface /auth pic.cgi". The vulnerability is related to the lack of...

5.8CVSS6.9AI score0.0063EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2023/05/30 5:27 p.m.10 views

CVE-2023-32689 Parse Server vulnerable to phishing attack vulnerability that involves uploading malicious HTML file

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing attack vulnerability that involves a user uploading malicious files. A malicious user could upload an HTML file to Parse Server vi...

6.3CVSS6.7AI score0.00639EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/05/30 12:0 a.m.9 views

Parse Server 代码问题漏洞

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A security vulnerability exists in Parse Server versions prior to 5.4.4 and 6.0.0 through 6.1.1, which stems from a malicious user being able to upload HTML files to Parse Server via its public...

6.5CVSS6.4AI score0.00639EPSS
Exploits0References4
Prion
Prion
added 2023/05/23 1:15 a.m.19 views

Cross site request forgery (csrf)

A Cross-Site Request Forgery CSRF in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via a supplying a crafted HTML file to the Upload software format function...

4.3CVSS5.3AI score0.00263EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/05/23 12:0 a.m.34 views

CVE-2023-31708

A Cross-Site Request Forgery CSRF in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via a supplying a crafted HTML file to the Upload software format function...

5.6AI score0.00263EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/05/23 12:0 a.m.11 views

CVE-2023-31708

A Cross-Site Request Forgery CSRF in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via a supplying a crafted HTML file to the Upload software format function...

7.6AI score0.00263EPSS
Exploits1References1
NVD
NVD
added 2023/05/17 1:15 a.m.22 views

CVE-2022-45144

Algoo Tracim before 4.4.2 allows XSS via HTML file upload...

6.1CVSS6AI score0.00657EPSS
Exploits1References3
Prion
Prion
added 2023/05/17 1:15 a.m.20 views

Unrestricted file upload

Algoo Tracim before 4.4.2 allows XSS via HTML file upload...

5.8CVSS5.9AI score0.00657EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder