625 matches found

Vulnrichment
added 2023/05/30 5:27 p.m., 9 views

CVE-2023-32689 Parse Server vulnerable to phishing attack vulnerability that involves uploading malicious HTML file

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing attack vulnerability that involves a user uploading malicious files. A malicious user could upload an HTML file to Parse Server vi...

CVSS 6.3, AI score 6.7, EPSS 0.00639
Exploits: 0, References: 3

Cvelist
added 2023/05/30 5:27 p.m., 20 views

CVE-2023-32689 Parse Server vulnerable to phishing attack vulnerability that involves uploading malicious HTML file

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing attack vulnerability that involves a user uploading malicious files. A malicious user could upload an HTML file to Parse Server vi...

CVSS 6.3, AI score 6.5, EPSS 0.00639
Exploits: 0, References: 3

CNNVD
added 2023/05/30 12:0 a.m., 5 views

Parse Server code issue vulnerability

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A security vulnerability exists in Parse Server versions prior to 5.4.4 and 6.0.0 through 6.1.1, which stems from a malicious user being able to upload HTML files to Parse Server via its public...

CVSS 6.5, AI score 6.4, EPSS 0.00639
Exploits: 0, References: 4

OSV
added 2023/05/23 1:15 a.m., 3 views

CVE-2023-31708

A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via supplying a crafted HTML file to the Upload software format function...

CVSS 4.3, AI score 6, EPSS 0.00265
Exploits: 1, References: 1

Prion
added 2023/05/23 1:15 a.m., 17 views

Cross site request forgery (csrf)

A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via supplying a crafted HTML file to the Upload software format function...

CVSS 4.3, AI score 5.3, EPSS 0.00265
Exploits: 1, References: 1, Affected Software: 1

Vulnrichment
added 2023/05/23 12:0 a.m., 10 views

CVE-2023-31708

A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via supplying a crafted HTML file to the Upload software format function...

AI score 7.6, EPSS 0.00265
Exploits: 1, References: 1

Cvelist
added 2023/05/23 12:0 a.m., 17 views

CVE-2023-31708

A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via supplying a crafted HTML file to the Upload software format function...

AI score 5.6, EPSS 0.00265
Exploits: 1, References: 1

NVD
added 2023/05/17 1:15 a.m., 16 views

CVE-2022-45144

Algoo Tracim before 4.4.2 allows XSS via HTML file upload...

CVSS 6.1, AI score 6, EPSS 0.00657
Exploits: 1, References: 3

Prion
added 2023/05/17 1:15 a.m., 17 views

Unrestricted file upload

Algoo Tracim before 4.4.2 allows XSS via HTML file upload...

CVSS 5.8, AI score 5.9, EPSS 0.00657
Exploits: 1, References: 3, Affected Software: 1

Vulnrichment
added 2023/05/17 12:0 a.m., 8 views

CVE-2022-45144

Algoo Tracim before 4.4.2 allows XSS via HTML file upload...

AI score 6, EPSS 0.00657
Exploits: 1, References: 3

CVE
added 2023/05/17 12:0 a.m., 41 views

CVE-2022-45144

CVE-2022-45144 affects Algoo Tracim prior to 4.4.2. The issue is a cross-site scripting (XSS) vulnerability triggered by uploading HTML files, enabling injection of scripts within the affected web app. The PT-Security advisory explicitly recommends upgrading to version 4.4.2 or later to resolve t...

CVSS 6.1, AI score 5.9, EPSS 0.00657
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2023/05/17 12:0 a.m., 23 views

CVE-2022-45144

Algoo Tracim before 4.4.2 allows XSS via HTML file upload...

AI score 6.1, EPSS 0.00657
Exploits: 1, References: 3

OSV
added 2023/05/08 6:30 p.m., 28 views

GHSA-G7RJ-Q722-245G jsreport vulnerable to code injection

jsreport prior to 3.11.3 had a version of vm2 vulnerable to CVE-2023-29017 hard coded in the package.json of the jsreport-core component. An attacker can use this vulnerability to obtain the authority of the jsreport playground server, or construct a malicious webpage/html file and send it to the...

CVSS 10, AI score 9.3, EPSS 0.01128
Exploits: 1, References: 5

0day.today
added 2023/05/02 12:0 a.m., 270 views

Serendipity 2.4.0 - File Inclusion Remote Code Execution Exploit

Exploit Title: Serendipity 2.4.0 - File Inclusion RCE Author: nu11secur1ty Vendor: https://docs.s9y.org/index.html Software: https://github.com/s9y/Serendipity/releases/tag/2.4.0 Reference: https://portswigger.net/web-security/file-upload Reference:...

AI score 7.4
Exploits: 0

Huntr
added 2023/04/27 5:51 p.m., 17 views

XML.php JSONP hijacking

Description: The XML.php file has a JSONP hijacking vulnerability. When a user visits a page carefully crafted by the attacker, the JSON data is obtained and sent to the attacker. Proof of Concept: We created an HTML file as a proof of concept to showcase the vulnerability. This HTML file will...

AI score 6.9
Exploits: 0

OSV
added 2023/03/29 3:15 p.m., 2 views

CVE-2023-1680

A vulnerability, which was classified as problematic, has been found in Xunrui CMS 4.61. This issue affects some unknown processing of the file /dayrui/My/View/main.html. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the...

CVSS 7.5, AI score 5.3, EPSS 0.00778
Exploits: 1, References: 3

Amazon
added 2023/03/22 12:0 a.m., 9 views

Important: clamav

Issue Overview: A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improp...

CVSS 8.6, AI score 6.6, EPSS 0.0622
Exploits: 1

Tenable Nessus
added 2023/03/21 12:0 a.m., 43 views

Amazon Linux 2023 : clamav, clamav-data, clamav-devel (ALAS2023-2023-052)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-052 advisory. A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause...

CVSS 8.6, AI score 6.6, EPSS 0.0622
Exploits: 1, References: 12

Prion
added 2023/03/12 5:15 a.m., 15 views

Design/Logic Flaw

An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An XSS attack can occur because JavaScript code can be uploaded in a .html or .js file...

CVSS 5.8, AI score 5.9, EPSS 0.00398
Exploits: 0, References: 2, Affected Software: 1

SUSE CVE
added 2023/02/15 4:12 a.m., 2 views

SUSE CVE-2019-11730

A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and...

CVSS 6.5, AI score 8.3, EPSS 0.20271
Exploits: 0, References: 24