7 matches found

CNNVD
added 2026/01/14 12:0 a.m. · 7 views

Frappe Learning Management System Cross-Site Scripting Vulnerability

Frappe Learning Management System is an easy-to-use open source learning management system from Frappe Open Source. A cross-site scripting vulnerability exists in Frappe Learning Management System version 2.44.0 and prior versions, which stems from a specially crafted image file name that could...

CVSS 5.4 · AI score 5.9 · EPSS 0.00142
Exploits 0 · References 3
OSV
added 2022/03/24 3:15 a.m. · 4 views

UBUNTU-CVE-2022-27811

GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename...

CVSS 9.8 · AI score 5.8 · EPSS 0.03008
Exploits 1 · References 4
Friends Of PHP
added 2019/10/08 12:0 a.m. · 20 views

PRODSECBUG-2458: Cross-Site Scripting in image file names

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 4.8 · AI score 7.2 · EPSS 0.00552
Exploits 0 · Affected Software 1
NVD
added 2019/07/18 3:15 a.m. · 11 views

CVE-2019-13645

Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file names. The JavaScript code is executed during attachments/edit/$fileid$ attachment editing. NOTE: It is asserted that an attacker must have the same access rights as the user in...

CVSS 5.4 · AI score 5.4 · EPSS 0.00762
Exploits 1 · References 2
OSV
added 2019/07/18 3:15 a.m. · 6 views

CVE-2019-13645

Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file names. The JavaScript code is executed during attachments/edit/$fileid$ attachment editing. NOTE: It is asserted that an attacker must have the same access rights as the user in...

CVSS 5.4 · AI score 5.3
Exploits 0 · References 2
CVE
added 2019/07/18 2:17 a.m. · 49 views

CVE-2019-13645

Firefly III prior to 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file names. The JavaScript executes during attachments/edit/$file_id$ attachment editing. An attacker must have the same access rights as the user to exploit. A fix is available: upd...

CVSS 5.4 · AI score 5.3 · EPSS 0.00762
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2019/07/18 12:0 a.m. · 4 views

PT-2019-13460 · Firefly Iii · Firefly-Iii

Name of the Vulnerable Software and Affected Versions: Firefly III versions prior to 4.7.17.3 Description: The issue arises from a lack of filtration of user-supplied data in image file names, leading to stored XSS. The JavaScript code is executed during attachments/edit/$file id$ attachment...

CVSS 5.4 · AI score 5.8 · EPSS 0.00762
Exploits 1 · References 8