242 matches found
EUVD-2026-0860
A security flaw has been discovered in Xinhu Rainrock RockOA up to 2.7.1. Affected is an unknown function of the file rockpagegong.php of the component Cover Image Handler. The manipulation of the argument fengmian results in cross site scripting. The attack can be launched remotely. The exploit...
CVE-2026-0587 Xinhu Rainrock RockOA Cover Image rock_page_gong.php cross site scripting
A security flaw has been discovered in Xinhu Rainrock RockOA up to 2.7.1. Affected is an unknown function of the file rockpagegong.php of the component Cover Image Handler. The manipulation of the argument fengmian results in cross site scripting. The attack can be launched remotely. The exploit...
CVE-2026-0587 Xinhu Rainrock RockOA Cover Image rock_page_gong.php cross site scripting
A security flaw has been discovered in Xinhu Rainrock RockOA up to 2.7.1. Affected is an unknown function of the file rockpagegong.php of the component Cover Image Handler. The manipulation of the argument fengmian results in cross site scripting. The attack can be launched remotely. The exploit...
PT-2026-1274
Name of the Vulnerable Software and Affected Versions Xinhu Rainrock RockOA versions up to 2.7.1 Description A security flaw exists in Xinhu Rainrock RockOA up to version 2.7.1. The issue is related to cross site scripting within the Cover Image Handler component, specifically in the file rock pa...
CVE-2025-13785
A security vulnerability has been detected in yungifez Skuul School Management System up to 2.6.5. This issue affects some unknown processing of the file /user/profile of the component Image Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The...
GHSA-XMH7-35V2-FP6H Skuul School Management System has a Sensitive Data Exposure Vulnerability in Uploaded Images
A security vulnerability has been detected in yungifez Skuul School Management System up to 2.6.5. This issue affects some unknown processing of the file /user/profile of the component Image Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The...
Skuul School Management System has a Sensitive Data Exposure Vulnerability in Uploaded Images
A security vulnerability has been detected in yungifez Skuul School Management System up to 2.6.5. This issue affects some unknown processing of the file /user/profile of the component Image Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The...
EUVD-2025-199926
A security vulnerability has been detected in yungifez Skuul School Management System up to 2.6.5. This issue affects some unknown processing of the file /user/profile of the component Image Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The...
CVE-2025-13785
A security vulnerability has been detected in yungifez Skuul School Management System up to 2.6.5. This issue affects some unknown processing of the file /user/profile of the component Image Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The...
CVE-2025-13785
A security vulnerability has been detected in yungifez Skuul School Management System up to 2.6.5. This issue affects some unknown processing of the file /user/profile of the component Image Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The...
Information Exposure
Overview yungifez/skuul is an A multi school management system. Affected versions of this package are vulnerable to Information Exposure via the Image Handler component in the /user/profile path. An attacker can access sensitive profile image information by sending crafted requests to this...
CVE-2025-13785 yungifez Skuul School Management System Image profile information disclosure
A security vulnerability has been detected in yungifez Skuul School Management System up to 2.6.5. This issue affects some unknown processing of the file /user/profile of the component Image Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The...
CVE-2025-13785
CVE-2025-13785 affects yungifez Skuul School Management System up to 2.6.5, with the Image Handler processing the /user/profile file leading to information disclosure. The vulnerability is exploitable remotely and has public exploits/disclosures; multiple connected sources confirm the component a...
PT-2025-48387
Name of the Vulnerable Software and Affected Versions yungifez Skuul School Management System versions up to 2.6.5 Description A security issue exists in yungifez Skuul School Management System. The problem relates to the processing of the file /user/profile within the Image Handler component,...
CVE-2025-13415
A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely...
CVE-2025-13415
A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely...
CVE-2025-13415
A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely...
CVE-2025-13415 icret EasyImages SVG Image upload.php cross site scripting
A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely...
CVE-2025-13415 icret EasyImages SVG Image upload.php cross site scripting
A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely...
CVE-2025-13415
CVE-2025-13415 affects icret EasyImages up to 2.8.6. The issue lies in the SVG Image Handler’s /app/upload.php where manipulating the File parameter enables cross-site scripting. Attacks are described as remotely initiable. The Red Hat and other feeds corroborate the same vulnerability details. N...