15 matches found
Arbitrary File Upload
Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the file upload. An administrator can execute arbitrary JavaScript in the context of the application by uploading a crafted SVG or HTML file containing malicious scripts, which are then served to users without...
CVE-2025-41712
An unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get access to sensitive information on the device. This is a result of incorrect permission assignment for the web server...
PT-2026-24186
An unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get access to sensitive information on the device. This is a result of incorrect permission assignment for the web server...
CVE-2025-56265
An arbitrary file upload vulnerability in the Chat Trigger component of N8N v1.95.3, v1.100.1, and v1.101.1 allows attackers to execute arbitrary code via uploading a crafted HTML file...
CVE-2025-56265
An arbitrary file upload vulnerability in the Chat Trigger component of N8N v1.95.3, v1.100.1, and v1.101.1 allows attackers to execute arbitrary code via uploading a crafted HTML file...
CVE-2025-9800 SimStudioAI sim HTML File route.ts import unrestricted upload
A weakness has been identified in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. Affected by this issue is the function Import of the file apps/sim/app/api/files/upload/route.ts of the component HTML File Parser. Executing manipulation of the argument File can lead to unrestricte...
CVE-2023-1720
Lack of mime type response header in Bitrix24 22.0.300 allows authenticated remote attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via uploading a crafted HTML file through...
Huly Platform 安全漏洞
Huly Platform is an all-in-one project management platform from Huly open source. A security vulnerability exists in Huly Platform version v0.6.295. An attacker can exploit the vulnerability to execute arbitrary code by uploading a specially crafted HTML file to the tracker comment page...
PrivateGPT Security Vulnerabilities
PrivateGPT is an AI project. A security vulnerability exists in PrivateGPT that stems from improper file upload validation, which can be exploited by an attacker to execute arbitrary JavaScript code in the context of a user's browser session by uploading a malicious HTML file...
CVE-2023-39612
A cross-site scripting XSS vulnerability in FileBrowser before v2.23.0 allows an authenticated attacker to escalate privileges to Administrator via user interaction with a crafted HTML file or URL...
CVE-2023-41637
An arbitrary file upload vulnerability in the Carica immagine function of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted HTML file...
tduck-platform 跨站脚本漏洞
TDuckCloud tduck-platform is an open source form survey system from China Zhongda Numerical Wei Information Technology Limited TDuckCloud company. A security vulnerability exists in version v4.0 of tduck-platform, which stems from the presence of an arbitrary file upload vulnerability that allows...
SUSE CVE-2017-11114
The putchars function in htmlr.c in Twibright Links 2.14 allows remote attackers to cause a denial of service buffer over-read via a crafted HTML file...
SUSE CVE-2021-26948
Null pointer dereference in the htmldoc v1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service via a crafted html file...
CVE-2022-26627
Online Project Time Management System v1.0 was discovered to contain an arbitrary file write vulnerability which allows attackers to execute arbitrary code via a crafted HTML file...