172 matches found
CVE-2019-9094
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in /s/adada/cfiles/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing JavaScript in the filename is echoed back in JavaScript code, which resulted in XSS...
CVE-2019-9093
CVE-2019-9093 corresponds to a Reflected Cross-Site Scripting (XSS) in Humhub 1.3.10 Community Edition. The vulnerability occurs in the file/upload handler where the filename parameter from user input is echoed back, enabling script execution. Affected software: Humhub 1.3.10 Community Edition; v...
CVE-2019-9093
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in file/file/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing a JavaScript payload in the filename parameter is echoed back, which resulted in reflected XSS...
HumHub 1.0.1 Cross Site Scripting
Security Advisory - Curesec Research Team 1. Introduction Affected Product: HumHub 1.0.1 and earlier Fixed in: 1.1.1 Fixed Version Link: https://www.humhub.org/en/download/default/form?version=1.1.1&type=zip Vendor Website: https://www.humhub.org/ Vulnerability Type: XSS Remote Exploitable: Yes...
HumHub 0.20.1 / 1.0.0-beta.3 Shell Upload
Security Advisory - Curesec Research Team 1. Introduction Affected Product: HumHub 0.20.1 / 1.0.0-beta.3 Fixed in: 1.0.0 Fixed Version Link: https://www.humhub.org/en/download/default/form?version=1.0.0&type=zip Vendor Website: https://www.humhub.org/ Vulnerability Type: Code Execution Remote Ye...
CVE-2016-1229
Cross-site scripting (XSS) vulnerability in HumHub 0.20.0-beta.1 through 0.20.1 and 1.0.0-beta before 1.0.0-beta.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting (XSS) vulnerability in HumHub 0.20.0-beta.1 through 0.20.1 and 1.0.0-beta before 1.0.0-beta.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2016-1229
HumHub XSS (CVE-2016-1229) affects HumHub versions 0.20.0-beta.1 through 0.20.1 and 1.0.0-beta through 1.0.0-beta.2. The vulnerability allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. The root cause is a cross-site scripting flaw in the application...
Humhub Cross-Site Scripting Vulnerability
Humhub is an open source PHP-based social networking system. A cross-site scripting vulnerability exists in Humhub versions 0.20.0-beta.1 through 0.20.1 and 1.0.0-beta.1 through 1.0.0-beta.2. An attacker can exploit this vulnerability to inject arbitrary web script or HTML...
HumHub vulnerable to cross-site scripting
Overview HumHub is a software framework for developing a social networking service (SNS). HumHub contains a cross-site scripting vulnerability. Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Ear...
JVN#56167268: HumHub vulnerable to cross-site scripting
HumHub is a software framework for developing a social networking service (SNS). HumHub contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provide...
HumHub 0.11.2 and 0.20.0-beta.2 - SQL Injection Vulnerability
HumHub versions 0.11.2 and 0.20.0-beta.2 suffer from a remote SQL injection vulnerability. === LSE Leading Security Experts GmbH - Security Advisory 2015-10-14 === HumHub - SQL-Injection ------------------------------------------------------------------------ Tested Versions =============== HumHu...
HumHub 0.11.2 / 0.20.0-beta.2 SQL Injection
=== LSE Leading Security Experts GmbH - Security Advisory 2015-10-14 === HumHub - SQL-Injection ------------------------------------------------------------------------ Tested Versions =============== HumHub 0.11.2 and 0.20.0-beta.2 Issue Overview ============== Vulnerability Type: 89 - Improper...
HumHub 0.11.2/0.20.0-beta.2 - SQL Injection
HumHub 0.11.2/0.20.0-beta.2 - SQL Injection === LSE Leading Security Experts GmbH - Security Advisory 2015-10-14 === HumHub - SQL-Injection ------------------------------------------------------------------------ Tested Versions =============== HumHub 0.11.2 and 0.20.0-beta.2 Issue Overview...
HumHub 0.11.2/0.20.0-beta.2 - SQL Injection
=== LSE Leading Security Experts GmbH - Security Advisory 2015-10-14 === HumHub - SQL-Injection ------------------------------------------------------------------------ Tested Versions =============== HumHub 0.11.2 and 0.20.0-beta.2 Issue Overview ============== Vulnerability Type: 89 - Improper...
HumHub '.htaccess' Arbitrary File Upload Vulnerability
HumHub is a flexible, open source social networking system. HumHub has a .htaccess file upload vulnerability that allows attackers to upload arbitrary files and execute them...
HumHub 0.10.0 File Upload / Remote Code Execution Vulnerabilities
HumHub versions 0.10.0 and below suffer from .htaccess file upload and remote code execution vulnerabilities. + HumHub .htaccess file upload vulnerability and remote code execution + Discovered by: Jos Wetzels + Vendor: HumHub + Product: HumHub + Versions affected: 0.10.0 and earlier. + Advisory...
HumHub SQL Injection Vulnerability
HumHub is a flexible, open source social networking system developed in PHP. HumHub 0.10.0-rc.1 and earlier versions suffer from a SQL injection vulnerability that allows remote authenticated users to execute arbitrary SQL commands...