Lucene search
K

68 matches found

OSV
OSV
added 2021/10/11 11:15 a.m.5 views

CVE-2021-24563

The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing unauthenticated user to upload a malicious HTML file containing JavaScript for example, which will be triggered when someone access the file directly...

6.1CVSS5.8AI score0.26379EPSS
Exploits6References2
CNNVD
CNNVD
added 2021/01/12 12:0 a.m.10 views

Open-xchange OX App Suite 跨站脚本漏洞

OX App Suite is a modular platform designed for telcos, hosting companies and vendors to deliver a wide range of cloud-based services. A cross-site scripting vulnerability exists in OX App Suite 7.10.4. An attacker can exploit this vulnerability via a specially crafted Content-Disposition header ...

6.1CVSS6.2AI score0.01133EPSS
Exploits0References2
Prion
Prion
added 2018/11/21 9:29 p.m.24 views

Design/Logic Flaw

In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validatesafefile in admin/inc/securityfunctions.php...

4CVSS5.3AI score0.00777EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/11/21 9:0 p.m.67 views

CVE-2018-19421

CVE-2018-19421 affects GetSimpleCMS 3.3.15. The vulnerability arises in the upload handling: admin/upload-uploadify.php and the validation routine in admin/inc/security_functions.php interact with admin/upload.php, which blocks .html uploads but allows Internet Explorer to render HTML elements co...

4CVSS4.5AI score0.00777EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2013/09/12 1:30 p.m.2 views

DEBIAN-CVE-2013-5738

The getallowedmimetypes function in wp-includes/functions.php in WordPress before 3.6.1 does not require the unfilteredhtml capability for uploads of .htm and .html files, which might make it easier for remote authenticated users to conduct cross-site scripting XSS attacks via a crafted file...

4.3CVSS5.8AI score0.02361EPSS
Exploits1References1
OSV
OSV
added 2013/09/12 1:30 p.m.3 views

UBUNTU-CVE-2013-5738

The getallowedmimetypes function in wp-includes/functions.php in WordPress before 3.6.1 does not require the unfilteredhtml capability for uploads of .htm and .html files, which might make it easier for remote authenticated users to conduct cross-site scripting XSS attacks via a crafted file...

4.3CVSS5.7AI score0.02361EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2009/03/30 1:30 a.m.3 views

CVE-2008-6542

Unspecified vulnerability in the Skin Manager in DotNetNuke before 4.8.2 allows remote authenticated administrators to perform "server-side execution of application logic" by uploading a static file that is converted into a dynamic script via unknown vectors related to HTM or HTML files...

4.6CVSS5.9AI score0.01606EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2008/01/08 7:46 p.m.2 views

CVE-2007-6676

The default configuration of Uber Uploader UU 5.3.6 and earlier does not block uploads of 1 .html, 2 .asp, and other possibly dangerous extensions, which allows remote attackers to use these extensions in uploads via a uufileupload.php, related to uufileupload.js and b uberuploaderfile.php, relat...

6.8CVSS5.7AI score0.01203EPSS
Exploits0References5
Rows per page
Query Builder