625 matches found

Cvelist
added 2025/03/20 10:11 a.m. (20 views)

CVE-2024-8400 Stored XSS in gaizhenbiao/chuanhuchatgpt

A stored cross-site scripting (XSS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability allows an attacker to upload a malicious HTML file containing JavaScript code, which is then executed when the file is accessed. This can lead to the execution of arbitrar...

CVSS: 5.4, EPSS: 0.00378
Exploits: 1, References: 2
Vulnrichment
added 2025/03/20 10:11 a.m. (7 views)

CVE-2024-8400 Stored XSS in gaizhenbiao/chuanhuchatgpt

A stored cross-site scripting (XSS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability allows an attacker to upload a malicious HTML file containing JavaScript code, which is then executed when the file is accessed. This can lead to the execution of arbitrar...

CVSS: 5.4, AI score: 5.3, EPSS: 0.00378
Exploits: 1, References: 2
CVE
added 2025/03/20 10:11 a.m. (48 views)

CVE-2024-8400

CVE-2024-8400 is a stored cross-site scripting vulnerability in gaizhenbiao/chuanhuchatgpt. The issue stems from lack of proper filtering/escaping when a user uploads an HTML file that contains JavaScript, which is then executed when the file is accessed. This enables arbitrary JavaScript executi...

CVSS: 5.4, AI score: 5.3, EPSS: 0.00378
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2025/03/20 10:8 a.m. (10 views)

CVE-2024-12374 Stored XSS in automatic1111/stable-diffusion-webui

A stored cross-site scripting (XSS) vulnerability exists in automatic1111/stable-diffusion-webui version git 82a973c. An attacker can upload an HTML file, which the application interprets as content-type application/html. If a victim accesses the malicious link, it will execute arbitrary JavaScript...

CVSS: 6.1, EPSS: 0.00394
Exploits: 1, References: 1
Fedora
added 2025/03/15 12:55 a.m. (14 views)

[SECURITY] Fedora 42 Update: libxml2-2.12.10-1.fc42

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

CVSS: 9.8, AI score: 7.1, EPSS: 0.0113
Exploits: 0
NVD
added 2025/03/01 3:15 p.m. (4 views)

CVE-2025-1797

A vulnerability, which was classified as critical, has been found in Hunan Zhonghe Baiyi Information Technology Baiyiyun Asset Management and Operations System up to 20250217. Affected by this issue is some unknown functionality of the file /wuser/anyUserBoundHouse.php. The manipulation of the...

CVSS: 6.5, EPSS: 0.00281
Exploits: 0, References: 4
RedhatCVE
added 2025/02/06 12:58 a.m. (12 views)

CVE-2022-21650

Convos is an open source multi-user chat that runs in a web browser. You can't use SVG extension in Convos' chat window, but you can upload a file with an .html extension. By uploading an SVG file with an html extension the upload filter can be bypassed. This causes Stored XSS. Also, after...

CVSS: 7.6, AI score: 5.9, EPSS: 0.00831
Exploits: 1, References: 1
OSV
added 2025/02/03 9:39 a.m. (9 views)

SUSE-SU-2025:0327-1 Security update for clamav

This update for clamav fixes the following issues: New version 1.4.2: CVE-2025-20128, bsc1236307: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a denial-of-service (DoS) condition. - Start clamonacc with --fdpass to avoid errors due to clamd not being able to...

CVSS: 7.5, AI score: 7.6, EPSS: 0.03312
Exploits: 0, References: 15
NVD
added 2025/01/15 11:15 p.m. (9 views)

CVE-2024-41454

An arbitrary file upload vulnerability in the UI login page logo upload function of Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary code via uploading a crafted PHP or HTML file...

CVSS: 6.5, EPSS: 0.00459
Exploits: 0, References: 1
CVE
added 2025/01/15 12:0 a.m. (56 views)

CVE-2024-41454

CVE-2024-41454: The reports indicate an arbitrary file upload vulnerability in the Process Maker pm4core-docker 4.1.21-RC7 UI login page logo upload function. A crafted PHP or HTML file can be uploaded, enabling arbitrary code execution. The exact root cause described is an insecure file upload ...

CVSS: 6.5, AI score: 7.8, EPSS: 0.00459
Exploits: 0, References: 1
Vulnrichment
added 2025/01/15 12:0 a.m. (8 views)

CVE-2024-41454

An arbitrary file upload vulnerability in the UI login page logo upload function of Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary code via uploading a crafted PHP or HTML file...

AI score: 6.9, EPSS: 0.00459
Exploits: 0, References: 1
Tenable Nessus
added 2025/01/08 12:0 a.m. (8 views)

LangChain < 0.1.0 SSRF

The version of LangChain installed on the remote host is prior to 0.1.0. It is, therefore, affected by an SSRF vulnerability. An attacker in control of the contents of 'https://example.com' could place a malicious HTML file in there with links like 'https://example.completely.different/myfile.html...

CVSS: 8.1, AI score: 5.8, EPSS: 0.00517
Exploits: 1, References: 4
Vulnrichment
added 2025/01/06 12:0 a.m. (10 views)

CVE-2024-55074

The edit profile function of Grocy through 4.3.0 allows stored XSS and resultant privilege escalation by uploading a crafted HTML or SVG file, a different issue than CVE-2024-8370...

CVSS: 8.8, AI score: 6, EPSS: 0.00627
Exploits: 1, References: 1
CVE
added 2025/01/06 12:0 a.m. (48 views)

CVE-2024-55074

Affected software: Grocy, prior to version 4.3.0. Vulnerability: stored cross-site scripting (XSS) in the edit profile function triggered by uploading crafted HTML or SVG files, leading to privilege escalation. Root cause/impact: manipulation via file upload within the edit profile path; implicat...

CVSS: 9, AI score: 6.2, EPSS: 0.00627
Exploits: 1, References: 1, Affected Software: 1
OSV
added 2024/12/13 9:15 a.m. (4 views)

CVE-2024-12042

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the profile picture upload functionality in all versions up to, and including, 4.16.4 due to insufficient file type validation. This makes it possible for...

CVSS: 5.4, AI score: 7.4, EPSS: 0.00317
Exploits: 0, References: 3
Cvelist
added 2024/12/02 12:0 a.m. (23 views)

CVE-2024-53617

A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to take over any account via uploading an HTML file on behalf of the admin user using IDOR in file upload...

EPSS: 0.00533
Exploits: 0, References: 3
CVE
added 2024/12/02 12:0 a.m. (53 views)

CVE-2024-53617

CVE-2024-53617 is a cross-site scripting vulnerability in LibrePhotos prior to commit 32237. An attacker can take over an account by uploading an HTML file on behalf of the admin user, leveraging an IDOR flaw in the file upload mechanism. The public description and related sources consistently ci...

CVSS: 4.8, AI score: 6.4, EPSS: 0.00533
Exploits: 0, References: 3
OSV
added 2024/11/15 12:31 p.m. (11 views)

GHSA-5R2G-59PX-3Q9W Stored XSS using two files in usememos/memos

A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and reference it in an HTML file. When the HTML file is accessed, the malicious script is executed. This...

CVSS: 5.4, AI score: 5.4, EPSS: 0.00438
Exploits: 1, References: 5
NVD
added 2024/11/15 11:15 a.m. (28 views)

CVE-2023-0109

A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and reference it in an HTML file. When the HTML file is accessed, the malicious script is executed. This...

CVSS: 9.8, EPSS: 0.00438
Exploits: 1, References: 2
Vulnrichment
added 2024/11/15 10:57 a.m. (14 views)

CVE-2023-0109 Stored XSS in usememos/memos

A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and reference it in an HTML file. When the HTML file is accessed, the malicious script is executed. This...

CVSS: 9.8, AI score: 8.3, EPSS: 0.00438
Exploits: 1, References: 2