CVE-2019-15314
tiki/tiki-uploadfile.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-downloadfile.php?display= URI...
PT-2025-22126 · Koibox · Koibox
Name of the Vulnerable Software and Affected Versions: Koibox versions prior to e8cbce2 Description: A Stored Cross-Site Scripting XSS issue has been found, allowing an authenticated attacker to upload an image containing malicious JavaScript code as a profile picture in the...
Directus has a DOM-Based cross-site scripting (XSS) via layout_options
Impact Directus allows an authenticated attacker to save cross site scripting code to the database. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an unsanitized DOM element. When chained with...
CVE-2024-8918
The File Manager Pro plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 8.3.9. This is due to a lack of proper checks on allowed file types. This makes it possible for unauthenticated attackers, with permissions granted by an administrator, ...
WordPress File Manager Pro plugin <= 8.3.9 - Unauthenticated Limited JavaScript File Upload vulnerability
Unauthenticated Limited JavaScript File Upload vulnerability discovered by TANG Cheuk Hei siunam in WordPress Plugin File Manager Pro versions <= 8.3.9...
WordPress Bit File Manager plugin <= 6.5.7 - Authenticated (Subscriber+) Limited JavaScript File Upload vulnerability
Authenticated Subscriber+ Limited JavaScript File Upload vulnerability discovered by TANG Cheuk Hei siunam in WordPress Plugin Bit File Manager versions <= 6.5.7...
WordPress plugin Bit File Manager code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal
Summary A vulnerability has been discovered in Agnai that permits attackers to upload arbitrary files to attacker-chosen locations on the server, including JavaScript, enabling the execution of commands within those files. This issue could result in unauthorized access, full server compromise, da...
CVE-2024-47169 Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal
Agnai is an artificial-intelligence-agnostic multi-user, multi-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload arbitrary files to attacker-chosen locations on the server, including JavaScript, enabling the execution of commands within those...
PT-2024-39204 · WordPress · Wordpress +1
Name of the Vulnerable Software and Affected Versions: WordPress affected versions not specified Description: The issue is due to a lack of proper checks, allowing lower-privileged roles to upload .css and .js files to arbitrary directories. This enables authenticated attackers with...
CVE-2024-7775
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode function in versions 2.0 to 2.13.9. This makes i...
WordPress BitForm plugin 2.0 - 2.13.9 - Authenticated (Administrator+) Arbitrary JavaScript File Uploads vulnerability
WordPress BitForm plugin 2.0 - 2.13.9 - Authenticated Administrator+ Arbitrary JavaScript File Uploads vulnerability discovered by siunam in WordPress Plugin Bit Form versions 2.0 - 2.13.9...
WordPress plugin Contact Form by Bit Form security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in t...
Online Piggery Management System cross-site scripting vulnerability
Online Piggery Management System is an online piggery management system by Lewa Personal Developer. A security vulnerability exists in Online Piggery Management System version 1.0, which stems from susceptibility to cross-site scripting XSS attacks, where an unauthenticated user can upload JavaScri...
keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console
A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled...
PT-2022-26515 · Redcap · Redcap
Name of the Vulnerable Software and Affected Versions: REDCap versions prior to 12.04.18 Description: A reflected XSS issue exists in the Alerts & Notifications upload feature, allowing arbitrary JavaScript code execution when a crafted CSV file is uploaded. Recommendations: For versions prior to...
GHSA-Q2GP-GPH3-88X9 Keycloak allows arbitrary Javascript to be uploaded for SAML protocol mapper even if UPLOAD_SCRIPTS feature disabled
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wf7g-7h6h-678v. This link is maintained to preserve external references. Original Description An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even...