27 matches found
uCrop 安全漏洞
uCrop is an Android image cropping library open source by Yalantis. A security vulnerability exists in uCrop version 2.2.11, which originates from improper export of the function UCropActivity in the file AndroidManifest.xml, which could lead to improper export of Android application components...
WordPress plugin PPOM – Product Addons & Custom Fields for WooCommerce 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...
Linux Distros Unpatched Vulnerability : CVE-2019-8943
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress through 5.0.3 allows Path Traversal in wpcropimage. An attacker who has privileges to crop an image can write the output image to an arbitrary directo...
CVE-2024-30879
Reflected Cross Site Scripting XSS vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the boxId parameter in the image cropping function...
CVE-2024-30879
Reflected Cross Site Scripting XSS vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the boxId parameter in the image cropping function...
CVE-2024-30879
Reflected Cross Site Scripting XSS vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the boxId parameter in the image cropping function...
CVE-2024-30880
Reflected Cross Site Scripting XSS vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the multiple parameter in the image cropping function...
CVE-2024-30883
Reflected Cross Site Scripting XSS vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the aspectRatio parameter in the image cropping function...
CVE-2024-30883
Reflected Cross Site Scripting XSS vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the aspectRatio parameter in the image cropping function...
PT-2024-23652 · Unknown · Rageframe2
Name of the Vulnerable Software and Affected Versions: RageFrame2 version 2.6.43 Description: The issue allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the boxId parameter in the image cropping function. This is...
CVE-2024-30880
CVE-2024-30880 maps to a reflected XSS in RageFrame2 v2.6.43. The issue arises in the image cropping function, where a crafted payload is injected via the multiple parameter, enabling remote execution of web scripts and potential leakage of sensitive information. Multiple connected sources (NVD, ...
CVE-2024-30883
Reflected Cross Site Scripting XSS vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the aspectRatio parameter in the image cropping function...
CVE-2024-30883
CVE-2024-30883 affects RageFrame2 v2.6.43 with a Reflected XSS in the aspectRatio parameter of the image cropping function. Exploitation could allow remote attackers to run arbitrary web scripts or HTML and access sensitive information. Public sources from NVD/Red Hat and third-party advisories c...
PT-2024-23654 · Unknown · Rageframe2
Name of the Vulnerable Software and Affected Versions: RageFrame2 version 2.6.43 Description: A Reflected Cross Site Scripting XSS issue allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the multiple parameter in...
CVE-2024-30880
Reflected Cross Site Scripting XSS vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the multiple parameter in the image cropping function...
PT-2024-23655 · Unknown · Rageframe2
Name of the Vulnerable Software and Affected Versions: RageFrame2 version 2.6.43 Description: A Reflected Cross Site Scripting XSS issue allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the aspectRatio parameter ...
CVE-2024-30883
Reflected Cross Site Scripting XSS vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the aspectRatio parameter in the image cropping function...
SUSE CVE-2019-8943
WordPress through 5.0.3 allows Path Traversal in wpcropimage. An attacker who has privileges to crop an image can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring...
Design/Logic Flaw
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the...
Mail.ru: [Biz] [Mailer] Кроп любых* изображений расположенных на сервере
Crop any images at site mailer.i.bizml.ru...