124 matches found

Prion
added 2023/07/20 8:15 p.m. · 14 views

Path traversal

In the module “Image: WebP, Compress, Zoom, Lazy load, Alt & More” (ultimateimagetool) in versions up to 2.1.02 from Advanced Plugins for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack...

5 CVSS · 7.5 AI score · 0.00138 EPSS
Exploits 0 · References 2 · Affected Software 1

Veracode
added 2023/05/23 2:49 a.m. · 15 views

Cross-site Scripting (XSS)

opencms-gwt is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in the generateTooltipHtml function of CmsResultItemWidget.java, which allows an attacker to inject and execute malicious JavaScript or HTML through the Title field under the upload image module...

5.4 CVSS · 6.6 AI score · 0.00198 EPSS
Exploits 1 · References 3 · Affected Software 1

OSV
added 2023/05/16 9:30 p.m. · 1 views

GHSA-M44F-9JHG-59CR alkacon-OpenCMS vulnerable to stored Cross-site Scripting

A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module...

5.4 CVSS · 6.2 AI score · 0.00198 EPSS
Exploits 1 · References 4

Github Security Blog
added 2023/05/16 9:30 p.m. · 14 views

alkacon-OpenCMS vulnerable to stored Cross-site Scripting

A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module...

5.4 CVSS · 5.7 AI score · 0.00198 EPSS
Exploits 1 · References 4 · Affected Software 1

NVD
added 2023/05/16 9:15 p.m. · 11 views

CVE-2023-31544

A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module...

5.4 CVSS · 5.2 AI score · 0.00198 EPSS
Exploits 1 · References 2

OSV
added 2023/05/16 9:15 p.m. · 14 views

CVE-2023-31544

A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module...

5.4 CVSS · 5.7 AI score
Exploits 0 · References 2

Prion
added 2023/05/16 9:15 p.m. · 13 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module...

4.9 CVSS · 5.2 AI score · 0.00198 EPSS
Exploits 1 · References 2 · Affected Software 1

CNNVD
added 2023/05/16 12:0 a.m. · 2 views

Alkacon Software OpenCMS cross-site scripting vulnerability

Alkacon Software OpenCMS is an open source content management system (CMS) based on Java and XML, developed by Alkacon Software of Germany. The system supports a template engine, a WYSIWYG editor and so on. A security vulnerability exists in Alkacon Software OpenCMS version v11.0.0.0. An attacker can exploit the...

5.4 CVSS · 6.1 AI score · 0.00198 EPSS
Exploits 1 · References 4

Positive Technologies
added 2023/05/16 12:0 a.m. · 2 views

PT-2023-23381 · Alkacon · Alkacon Opencms

Name of the Vulnerable Software and Affected Versions: alkacon-OpenCMS version 11.0.0.0. Description: A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module. This enables...

5.4 CVSS · 6 AI score · 0.00198 EPSS
Exploits 1 · References 11

NVD
added 2023/04/26 2:15 p.m. · 15 views

CVE-2022-25275

In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private" file system. However,...

7.5 CVSS · 7.4 AI score · 0.00579 EPSS
Exploits 0 · References 1

OSV
added 2023/04/26 2:15 p.m. · 17 views

CVE-2022-25275

In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private" file system. However,...

7.5 CVSS · 7.7 AI score
Exploits 0 · References 1

UbuntuCve
added 2023/04/26 2:15 p.m. · 32 views

CVE-2022-25275

In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private" file system. However,...

7.5 CVSS · 7 AI score · 0.00579 EPSS
Exploits 0 · References 2

Prion
added 2023/04/26 2:15 p.m. · 11 views

Default configuration

In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private" file system. However,...

5 CVSS · 7.3 AI score · 0.00579 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/04/26 12:0 a.m. · 17 views

CVE-2022-25275

In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private" file system. However,...

7.5 AI score · 0.00579 EPSS
Exploits 0 · References 1

Vulnrichment
added 2023/04/26 12:0 a.m. · 7 views

CVE-2022-25275

In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private" file system. However,...

7.5 AI score · 0.00579 EPSS
Exploits 0 · References 1

CVE
added 2023/04/26 12:0 a.m. · 357 views

CVE-2022-25275

CVE-2022-25275 affects Drupal’s Image module, allowing access to non-public image files when generating derivatives if contributed file systems are used and insecure derivatives are enabled. The issue is mitigated by keeping $config['image.settings']['allow_insecure_derivatives'] (Drupal 9) or $c...

7.5 CVSS · 7.2 AI score · 0.00579 EPSS
Exploits 0 · References 1 · Affected Software 1

Tenable Nessus
added 2022/12/23 12:0 a.m. · 51 views

Fedora 36 : drupal7 (2022-9d655503ea)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-9d655503ea advisory. - 7.92 - 7.91 - SA-CORE-2022-012 / CVE-2022-25275 - 7.90 - 7.89 - 7.88 - SA-CORE-2022-003 / CVE-2022-25271 - 7.87 - 7.86 - SA-CORE-2022-001 /...

7.5 CVSS · 7.1 AI score · 0.31184 EPSS
Exploits 6 · References 8

Tenable Nessus
added 2022/12/22 12:0 a.m. · 57 views

Fedora 35 : drupal7 (2022-bf18450366)

The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-bf18450366 advisory. - 7.92 - 7.91 - SA-CORE-2022-012 / CVE-2022-25275 - 7.90 - 7.89 - 7.88 - SA-CORE-2022-003 / CVE-2022-25271 - 7.87 - 7.86 - SA-CORE-2022-001 /...

7.5 CVSS · 7.1 AI score · 0.31184 EPSS
Exploits 6 · References 8

OSV
added 2022/08/06 5:31 a.m. · 32 views

GHSA-XH3V-6F9J-WXW3 Drupal core Information Disclosure vulnerability

In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private" file system. However,...

7.5 CVSS · 7.3 AI score · 0.00579 EPSS
Exploits 0 · References 6

Github Security Blog
added 2022/08/06 5:31 a.m. · 34 views

Drupal core Information Disclosure vulnerability

In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private" file system. However,...

7.5 CVSS · 0.8 AI score · 0.00579 EPSS
Exploits 0 · References 6 · Affected Software 1