625 matches found

OpenVAS
added 2021/11/08 12:0 a.m. | 15 views

Mozilla Firefox Security Advisory (MFSA2016-80) - Linux

This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; y...

CVSS: 5.5 | AI score: 7.5 | EPSS: 0.01257
Exploits: 0 | References: 3

OSV
added 2021/10/21 9:15 a.m. | 20 views

CVE-2021-41792

An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. A crafted HTML file, once uploaded, could trigger an unexpected request by the transformation engine. The response to the request is not available to...

CVSS: 5.3 | AI score: 6.6
Exploits: 0 | References: 2

Cvelist
added 2021/10/21 8:49 a.m. | 18 views

CVE-2021-41792

An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. A crafted HTML file, once uploaded, could trigger an unexpected request by the transformation engine. The response to the request is not available to...

AI score: 5.5 | EPSS: 0.00829
Exploits: 0 | References: 2

Prion
added 2021/10/11 11:15 a.m. | 12 views

Hardcoded credentials

The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing an unauthenticated user to upload a malicious HTML file containing JavaScript, for example, which will be triggered when someone accesses the file directly...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.26379
Exploits: 6 | References: 2 | Affected Software: 1

Cvelist
added 2021/10/11 10:45 a.m. | 33 views

CVE-2021-24563 Frontend Uploader <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting

The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing an unauthenticated user to upload a malicious HTML file containing JavaScript, for example, which will be triggered when someone accesses the file directly...

AI score: 6.4 | EPSS: 0.26379
Exploits: 6 | References: 2

CVE
added 2021/10/11 10:45 a.m. | 76 views

CVE-2021-24563

The CVE-2021-24563 affects the WordPress Frontend Uploader plugin prior to v1.3.2. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by the plugin not preventing HTML file uploads via its form, enabling an unauthenticated user to upload an HTML file containing JavaScript that e...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.26379
Exploits: 6 | References: 2 | Affected Software: 1

CNNVD
added 2021/10/11 12:0 a.m. | 17 views

WordPress plugin cross-site scripting vulnerability

WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin Frontend Uploader prior to version 1.3.2, which stems from the fact that the plugin does not prevent the uploading of HTML files, e.g., it allows unauthenticate...

CVSS: 6.1 | AI score: 6 | EPSS: 0.26379
Exploits: 6 | References: 5

NVD
added 2021/09/27 10:15 p.m. | 13 views

CVE-2020-20691

An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files...

CVSS: 6.5 | EPSS: 0.00896
Exploits: 1 | References: 1

WPVulnDB
added 2021/09/21 12:0 a.m. | 17 views

Frontend Uploader <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting

The plugin does not prevent HTML files from being uploaded via its form, allowing an unauthenticated user to upload a malicious HTML file containing JavaScript, for example, which will be triggered when someone accesses the file directly. PoC: In a page/posts where the fu-upload-form shortcode is embed,...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.26379
Exploits: 6 | Affected Software: 1

CNVD
added 2021/09/15 12:0 a.m. | 15 views

ZKEACMS code issue vulnerability

ZKEACMS is an open source, visually designed, WYSIWYG content management system. Version 3.2.0 of ZKEACMS contains a security vulnerability that stems from an arbitrary file upload vulnerability in the application's "/admin/media/upload", which could be exploited to execute arbitrary code via a...

CVSS: 8.8 | AI score: 4.7 | EPSS: 0.01692
Exploits: 1 | References: 1

NVD
added 2021/09/13 10:15 p.m. | 12 views

CVE-2020-20670

An arbitrary file upload vulnerability in /admin/media/upload of ZKEACMS V3.2.0 allows attackers to execute arbitrary code via a crafted HTML file...

CVSS: 8.8 | EPSS: 0.01692
Exploits: 1 | References: 1

OSV
added 2021/09/13 10:15 p.m. | 14 views

CVE-2020-20670

An arbitrary file upload vulnerability in /admin/media/upload of ZKEACMS V3.2.0 allows attackers to execute arbitrary code via a crafted HTML file...

CVSS: 8.8 | AI score: 7.5
Exploits: 0 | References: 1

NVD
added 2021/09/01 6:15 p.m. | 18 views

CVE-2021-34435

In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it is possible for a previewed HTML file to trigger an RCE. This exploit only happens if a user previews a malicious file...

CVSS: 8.8 | EPSS: 0.00595
Exploits: 1 | References: 1

NVD
added 2021/08/24 7:15 p.m. | 17 views

CVE-2021-30870

A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. Previewing an html file attached to a note may unexpectedly contact remote servers...

CVSS: 6.5 | EPSS: 0.00855
Exploits: 0 | References: 1

Prion
added 2021/08/24 7:15 p.m. | 20 views

Hardcoded credentials

A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. Previewing an html file attached to a note may unexpectedly contact remote servers...

CVSS: 4.3 | AI score: 5.7 | EPSS: 0.00855
Exploits: 0 | References: 1 | Affected Software: 2

Cvelist
added 2021/08/24 6:49 p.m. | 20 views

CVE-2021-30870

A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. Previewing an html file attached to a note may unexpectedly contact remote servers...

AI score: 6.1 | EPSS: 0.00855
Exploits: 0 | References: 1

The Hacker News
added 2021/08/05 10:12 a.m. | 47 views

A Wide Range of Cyber Attacks Leveraging Prometheus TDS Malware Service

Multiple cybercriminal groups are leveraging a malware-as-a-service (MaaS) solution to carry out a wide range of malicious software distribution campaigns that result in the deployment of payloads such as Campo Loader, Hancitor, IcedID, QBot, Buer Loader, and SocGholish against individuals in Belgi...

AI score: 0.2
Exploits: 0

GithubExploit
added 2021/07/29 12:53 p.m. | 134 views

Exploit for Use After Free in Google Chrome

CVE-2021-30573-PoC-Google-Chrome Google Chrome Use After Free...

CVSS: 8.8 | AI score: 8.9 | EPSS: 0.06282
Exploits: 12

Huntr
added 2021/06/15 8:1 a.m. | 11 views

in polonel/trudesk

💥 BUG Stored XSS via file upload 💥 IMPACT Stored XSS allows executing arbitrary JavaScript in the victim's trudesk account. An external user can also execute XSS in the admin account here. 💥 STEP TO REPRODUCE 1. First, from admin go to http://localhost:8118/teams and create a team called team2. Now go to...

Exploits: 0

Huntr
added 2021/06/14 6:15 a.m. | 29 views

Cross-site Scripting (XSS) - Stored in polonel/trudesk

💥 BUG Stored XSS bug using file upload against admin. 💥 SUMMARY Here trudesk only allows uploading image files, but this can be bypassed and an attacker can upload an HTML file. As an HTML file can serve any JavaScript code, an attacker can execute any JavaScript code in the victim's trudesk account. 💥 IMPACT low...

AI score: 0.2
Exploits: 0