
257 matches found

Fedora
added 2024/05/26 1:29 a.m. · 16 views

[SECURITY] Fedora 40 Update: rust-elfcat-0.1.8-10.fc40

ELF visualizer. Generates HTML files from ELF binaries...

7.2 AI score
Exploits 0
Veracode
added 2024/05/14 9:47 a.m. · 14 views

Stored Cross-Site Scripting (XSS)

nocodb is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization when viewing uploaded HTML files, allowing malicious scripts to be executed when the file is opened in a browser...

5.7 CVSS · 6 AI score · 0.00574 EPSS
Exploits 1 · References 2 · Affected Software 1
NVD
added 2024/04/22 11:15 p.m. · 21 views

CVE-2024-32657

Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is...

5.4 CVSS · 5.1 AI score · 0.00463 EPSS
Exploits 0 · References 4
OSV
added 2024/04/01 7:50 p.m. · 13 views

MGASA-2024-0105 Updated w3m packages fix security vulnerabilities

An out-of-bounds read flaw was found in w3m, in the Strnewsize function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file. CVE-2023-38252 An out-of-bounds read flaw was found in w3m, in the growbuftoStr function in indep.c. This issue may allow an...

5.5 CVSS · 6.3 AI score · 0.00355 EPSS
Exploits 3 · References 3
BDU FSTEC
added 2024/03/27 12:00 a.m. · 5 views

The vulnerability in the phpMyFAQ web application allows attackers to perform cross-site scripting (XSS) attacks.

The vulnerability in the phpMyFAQ web application is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting (XSS) attacks using specially created .html files...

5.8 CVSS · 5.2 AI score · 0.00508 EPSS
Exploits 1 · References 3 · Affected Software 1
CVE
added 2024/02/16 8:27 p.m. · 42 views

CVE-2024-25627

CVE-2024-25627 affects Alf.io. The vulnerability is an XSS via HTML file upload that requires administrative access to trigger a JavaScript payload, enabling persistence if an attacker gains admin rights. Affected software is Alf.io prior to version 2.0-M4-2402; the issue has been addressed in ve...

4.8 CVSS · 3.9 AI score · 0.0043 EPSS
Exploits 1 · References 1 · Affected Software 1
Veracode
added 2024/02/02 8:01 a.m. · 16 views

Cross-site Scripting

statamic/cms is vulnerable to Cross-site Scripting. The vulnerability is due to the lack of sanitization or validation of the contents of uploaded files. This allows attackers to upload HTML files disguised as JPG files, enabling the execution of malicious scripts...

8.2 CVSS · 6.7 AI score · 0.00734 EPSS
Exploits 1 · References 4 · Affected Software 1
OSV
added 2024/02/01 4:42 p.m. · 7 views

CVE-2024-24570 Statamic account takeover via XSS and password reset link

Statamic is a Laravel and Git powered CMS. HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects the front-end forms with asset fields without any mime type validation, asset fields in the control panel, and asset browser in the control panel...

8.2 CVSS · 6.8 AI score · 0.00734 EPSS
Exploits 1 · References 5
NVD
added 2024/01/10 9:15 a.m. · 21 views

CVE-2023-51252

PublicCMS 4.0 is vulnerable to Cross Site Scripting (XSS). Because files can be uploaded and an online preview function is provided, PDF and HTML files containing malicious code can be uploaded, and an XSS popup window is triggered through online viewing...

5.4 CVSS · 5.4 AI score · 0.00297 EPSS
Exploits 1 · References 1
OSV
added 2023/11/22 8:55 p.m. · 29 views

GHSA-8JJH-J3C2-CJCV Cross-site Scripting via uploaded assets

Impact: HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or within the control panel which requires authentication. Patches: It has been patched on 3.4.15 and 4.36.0...

7.5 CVSS · 6.7 AI score · 0.007 EPSS
Exploits 0 · References 5
NVD
added 2023/11/22 5:15 p.m. · 20 views

CVE-2023-47314

Headwind MDM Web panel 5.22.1 is vulnerable to cross-site scripting (XSS). The file upload function allows APK and arbitrary files to be uploaded. By exploiting this issue, attackers may upload HTML files and share the download URL pointing to these files with the victims. As the file download...

5.4 CVSS · 0.00414 EPSS
Exploits 1 · References 1
ATTACKERKB
added 2023/11/22 5:15 p.m. · 5 views

CVE-2023-47314

Headwind MDM Web panel 5.22.1 is vulnerable to cross-site scripting (XSS). The file upload function allows APK and arbitrary files to be uploaded. By exploiting this issue, attackers may upload HTML files and share the download URL pointing to these files with the victims. As the file download...

5.4 CVSS · 6.1 AI score · 0.00414 EPSS
Exploits 1 · References 2
Cvelist
added 2023/11/22 12:00 a.m. · 21 views

CVE-2023-47314

Headwind MDM Web panel 5.22.1 is vulnerable to cross-site scripting (XSS). The file upload function allows APK and arbitrary files to be uploaded. By exploiting this issue, attackers may upload HTML files and share the download URL pointing to these files with the victims. As the file download...

5.5 AI score · 0.00414 EPSS
Exploits 1 · References 1
NVD
added 2023/11/21 11:15 p.m. · 50 views

CVE-2023-48701

Statamic CMS is a Laravel and Git powered content management system (CMS). Prior to versions 3.4.15 and 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or...

7.5 CVSS · 0.007 EPSS
Exploits 0 · References 3
Prion
added 2023/11/21 11:15 p.m. · 16 views

Authentication flaw

Statamic CMS is a Laravel and Git powered content management system (CMS). Prior to versions 3.4.15 and 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or...

5.8 CVSS · 6.9 AI score · 0.007 EPSS
Exploits 0 · References 3 · Affected Software 1
Rosalinux
added 2023/10/31 2:07 p.m. · 30 views

Advisory ROSA-SA-2023-2285

software: clamav 0.103.8 WASP: ROSA-CHROME packageevrstring: clamav-0.103.8-1.src.rpm CVE-ID: CVE-2022-20698 BDU-ID: 2022-00587 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the Clam AntiVirus software package is related to insufficient input validation. Exploitation of the vulnerability could...

7.8 CVSS · 6.6 AI score · 0.0663 EPSS
Exploits 1
OSV
added 2023/10/17 4:15 p.m. · 2 views

CVE-2023-27133

TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILESX86%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remot...

9.8 CVSS · 7.3 AI score · 0.00797 EPSS
Exploits 1 · References 1
Positive Technologies
added 2023/10/17 12:00 a.m. · 3 views

PT-2023-20971 · Tsplus · Tsplus Remote Work

Name of the Vulnerable Software and Affected Versions: TSplus Remote Work version 16.0.0.0 Description: The issue is related to weak permissions for certain file types, including .exe, .js, and .html files, located under the %PROGRAMFILESX86%\TSplus-RemoteWork\Clients\www folder. This weakness may...

9.8 CVSS · 9.5 AI score · 0.00797 EPSS
Exploits 1 · References 6
CNNVD
added 2023/09/15 12:00 a.m. · 5 views

FileBrowser cross-site scripting vulnerability

FileBrowser is an open source web file browser. Provides a file management interface in a specified directory, can be used to upload, delete, preview, rename and edit your files. FileBrowser has a cross-site scripting vulnerability that can be exploited by an attacker to escalate privileges ...

9 CVSS · 6.3 AI score · 0.00725 EPSS
Exploits 1 · References 5
Veracode
added 2023/08/08 7:41 a.m. · 25 views

Cross-site Scripting (XSS)

cockpit-hq/cockpit is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to bootstrap.php accepting HTML files as an upload, which allows an attacker to inject and execute malicious JavaScript into the browser...

5.4 CVSS · 6.6 AI score · 0.00408 EPSS
Exploits 1 · References 3 · Affected Software 1