Cross-site Scripting (Stored XSS)

Description For any role that has permission to execute function assets, i can upload a html file and that leads to XSS. Proof of Concept 1. Link PoC: https://docs.google.com/document/d/1pZAi6PZiBmN3yNsBmY8Z9Qd3hv-8zPHUh69h-i1rvA/edit?usp=sharing 2. Link video PoC:...

Upload Media By URL < 1.0.8 - Stored XSS via CSRF

Description The plugin does not have CSRF check when uploading files, which could allow attackers to make logged in admins upload files including HTML containing JS code for users with the unfilteredhtml capability on their behalf. Have a logged in user with the unfilteredhtml capability open an...

CVE-2023-37733

An arbitrary file upload vulnerability in tduck-platform v4.0 allows attackers to execute arbitrary code via a crafted HTML file...

Privilege escalation

An arbitrary file upload vulnerability in tduck-platform v4.0 allows attackers to execute arbitrary code via a crafted HTML file...

Statamic 4.7.0 - File Inclusion Vulnerability

Title: Statamic 4.7.0 - File-Inclusion Author: nu11secur1ty Vendor: https://statamic.com/ Software: https://demo.statamic.com/ Reference: https://portswigger.net/web-security/file-upload Description: The statamic-4.7.0 suffers from file inclusion - file upload vulnerability. The attacker can uplo...

CVE-2023-37733

An arbitrary file upload vulnerability in tduck-platform v4.0 allows attackers to execute arbitrary code via a crafted HTML file...

CVE-2023-37733

An arbitrary file upload vulnerability in tduck-platform v4.0 allows attackers to execute arbitrary code via a crafted HTML file...

CVE-2023-37733

CVE-2023-37733 affects tduck-platform v4.0 and is described in the provided sources as an arbitrary file upload vulnerability that allows attackers to execute arbitrary code via a crafted HTML file. The available connected documents confirm the vendor/platform and vulnerability class but do not p...

CVE-2023-30791

Plane version 0.7.1-dev is affected: an attacker can change a user’s avatar, enabling upload of files with an HTML extension that are interpreted as HTML and JavaScript. This is described across multiple sources as an insecure avatar-upload path leading to HTML/JS content. Remediation guidance in...

Plane 代码问题漏洞

Plane is an open source, self-hosted project planning tool from Plane Open Source. A security vulnerability exists in Plane version 0.7.1-dev, which stems from a vulnerability that allows an attacker to change the avatar of their profile, thereby allowing the upload of files with HTML extensions...

PT-2023-22984 · Plane · Plane

Name of the Vulnerable Software and Affected Versions: Plane version 0.7.1-dev Description: The issue allows an attacker to change the avatar of their profile, enabling the upload of files with HTML extension that can interpret both HTML and JavaScript. Recommendations: For Plane version 0.7.1-de...

CVE-2023-38253

An out-of-bounds read flaw was found in w3m, in the growbuftoStr function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file...

CVE-2023-38252

An out-of-bounds read flaw was found in w3m, in the Strnewsize function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file...

CVE-2023-38252

An out-of-bounds read flaw was found in w3m, in the Strnewsize function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file...

CVE-2023-38252

An out-of-bounds read flaw was found in w3m, in the Strnewsize function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file...

Design/Logic Flaw

An out-of-bounds read flaw was found in w3m, in the growbuftoStr function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file...

CVE-2023-38253

An out-of-bounds read flaw was found in w3m, in the growbuftoStr function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file...

UBUNTU-CVE-2023-38252

An out-of-bounds read flaw was found in w3m, in the Strnewsize function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file...

CVE-2023-38253

CVE-2023-38253 is a vulnerability in w3m (growbuf_to_Str in indep.c) causing an out-of-bounds read that can lead to a denial of service when processing crafted HTML. Connected advisories confirm this issue alongside related CVEs and indicate that patches/upgrades for w3m are available in multiple...

CVE-2023-38253 W3m: out of bounds read in growbuf_to_str() at w3m/indep.c

An out-of-bounds read flaw was found in w3m, in the growbuftoStr function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file...