257 matches found
[SECURITY] Fedora 40 Update: rust-elfcat-0.1.8-10.fc40
ELF visualizer. Generates HTML files from ELF binaries...
Stored Cross-Site Scripting (XSS)
nocodb is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper sanitization when viewing uploaded HTML files, allowing malicious scripts to be executed when the file is opened in a browser...
CVE-2024-32657
Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is...
MGASA-2024-0105 Updated w3m packages fix security vulnerabilities
An out-of-bounds read flaw was found in w3m, in the Strnewsize function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file. CVE-2023-38252 An out-of-bounds read flaw was found in w3m, in the growbuftoStr function in indep.c. This issue may allow an...
The vulnerability in the phpMyFAQ web application allows attackers to perform cross-site scripting (XSS) attacks.
The vulnerability in the phpMyFAQ web application is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks XSS using specially created .html files...
CVE-2024-25627
CVE-2024-25627 affects Alf.io. The vulnerability is an XSS via HTML file upload that requires administrative access to trigger a JavaScript payload, enabling persistence if an attacker gains admin rights. Affected software is Alf.io prior to version 2.0-M4-2402; the issue has been addressed in ve...
Cross-site Scripting
statamic/cms is vulnerable to Cross-site Scripting. The vulnerability is due to there is no sanitizing or validating the contents of uploaded files. This allows attackers to upload HTML files disguised as JPG files, enabling the execution of malicious scripts...
CVE-2024-24570 Statamic account takeover via XSS and password reset link
Statamic is a Laravel and Git powered CMS. HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects the front-end forms with asset fields without any mime type validation, asset fields in the control panel, and asset browser in the control panel...
CVE-2023-51252
PublicCMS 4.0 is vulnerable to Cross Site Scripting XSS. Because files can be uploaded and online preview function is provided, pdf files and html files containing malicious code are uploaded, an XSS popup window is realized through online viewing...
GHSA-8JJH-J3C2-CJCV Cross-site Scripting via uploaded assets
Impact HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or within the control panel which requires authentication. Patches It has been patched on 3.4.15 and 4.36.0...
CVE-2023-47314
Headwind MDM Web panel 5.22.1 is vulnerable to cross-site scripting XSS. The file upload function allows APK and arbitrary files to be uploaded. By exploiting this issue, attackers may upload HTML files and share the download URL pointing to these files with the victims. As the file download...
CVE-2023-47314
Headwind MDM Web panel 5.22.1 is vulnerable to cross-site scripting XSS. The file upload function allows APK and arbitrary files to be uploaded. By exploiting this issue, attackers may upload HTML files and share the download URL pointing to these files with the victims. As the file download...
CVE-2023-47314
Headwind MDM Web panel 5.22.1 is vulnerable to cross-site scripting XSS. The file upload function allows APK and arbitrary files to be uploaded. By exploiting this issue, attackers may upload HTML files and share the download URL pointing to these files with the victims. As the file download...
CVE-2023-48701
Statamic CMS is a Laravel and Git powered content management system CMS. Prior to versions 3.4.15 an 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or...
Authentication flaw
Statamic CMS is a Laravel and Git powered content management system CMS. Prior to versions 3.4.15 an 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or...
Advisory ROSA-SA-2023-2285
software: clamav 0.103.8 WASP: ROSA-CHROME packageevrstring: clamav-0.103.8-1.src.rpm CVE-ID: CVE-2022-20698 BDU-ID: 2022-00587 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the Clam AntiVirus software package is related to insufficient input validation. Exploitation of the vulnerability could...
CVE-2023-27133
TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILESX86%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remot...
PT-2023-20971 · Tsplus · Tsplus Remote Work
Name of the Vulnerable Software and Affected Versions: TSplus Remote Work version 16.0.0.0 Description: The issue is related to weak permissions for certain file types, including .exe, .js, and .html files, located under the %PROGRAMFILESX86%TSplus-RemoteWorkClientswww folder. This weakness may...
FileBrowser 跨站脚本漏洞
FileBrowser is an open source web file browser. Provides a file management interface in a specified directory , can be used to upload , delete , preview , rename and edit your files . FileBrowser has a cross-site scripting vulnerability that can be exploited by an attacker to escalate privileges ...
Cross-site Scripting (XSS)
cockpit-hq/cockpit is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to bootstrap.php accepting html files as an upload, which allows an attacker to inject and execute malicious Javascript into the browser...