625 matches found
CVE-2023-38253
An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file...
CVE-2023-38252
CVE-2023-38252 : Affected software is the w3m pager/browser. The vulnerability is an out-of-bounds read in the Strnew_size function of Str.c, which can allow a crafted HTML file to trigger a denial of service. Multiple connected advisories confirm the issue and reference related CVEs (38253, 4255...
CVE-2023-38252
An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file...
Cross site scripting
Cross Site Scripting (XSS) vulnerability in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev4 allows remote attackers to run arbitrary code via upload of crafted HTML file...
CVE-2023-27082
Cross Site Scripting (XSS) vulnerability in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev4 allows remote attackers to run arbitrary code via upload of crafted HTML file...
CVE-2023-34855
A Cross Site Scripting (XSS) vulnerability in Youxun Electronic Equipment Shanghai Co., Ltd AC Centralized Management Platform v1.02.040 allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /upfile.cgi...
Cross site scripting
A Cross Site Scripting (XSS) vulnerability in Youxun Electronic Equipment Shanghai Co., Ltd AC Centralized Management Platform v1.02.040 allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /upfile.cgi...
CVE-2023-34856
A Cross Site Scripting (XSS) vulnerability in D-Link DI-7500G-CI-19.05.29A allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /auth_pic.cgi...
Cross site scripting
A Cross Site Scripting (XSS) vulnerability in D-Link DI-7500G-CI-19.05.29A allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /auth_pic.cgi...
CVE-2023-34856
The CVE-2023-34856 entry concerns a Cross Site Scripting (XSS) vulnerability in D-Link DI-7500G-CI-19.05.29A. A crafted HTML file uploaded to the web interface at /auth_pic.cgi can allow arbitrary code execution. Affected product/version: D-Link DI-7500G-CI, version 19.05.29A. Root cause/impact ...
Cross site scripting
Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web application. Therefore, it i...
PT-2023-24000 · Pydio · Pydio Cells
Name of the Vulnerable Software and Affected Versions: Pydio Cells versions 4.1.2 and earlier. Description: The issue allows for cross-site scripting (XSS) due to the exposure of secrets used to sign presigned URLs for file downloads. These secrets are hardcoded and accessible through the web...
PT-2023-3552 · D-Link · D-Link DI-7500G-CI
Name of the Vulnerable Software and Affected Versions: D-Link DI-7500G-CI version 19.05.29A. Description: A Cross Site Scripting (XSS) issue allows attackers to execute arbitrary code by uploading a crafted HTML file to the "interface /auth_pic.cgi". The vulnerability is related to the lack of...
Phishing Attack
parse-server is vulnerable to Phishing Attacks. A malicious user is able to upload an HTML file to the system via its public API, which is available at the internet domain where Parse Server is hosted, allowing the URL of the uploaded HTML files to be used for phishing attacks...
CVE-2023-32689
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing attack vulnerability that involves a user uploading malicious files. A malicious user could upload an HTML file to Parse Server vi...