XWiki Platform Security Vulnerability
XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform that stems from improper handling of filenames when uploading attachments, allowing users to upload attachments with malicious filenames,...
The vulnerability of the Archer Platform’s system for creating and managing business applications lies in the lack of protective measures for the website structure, allowing attackers to execute arbitrary code.
The vulnerability of the Archer Platform system for creating and managing business applications is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow an attacker to execute arbitrary HTML or JavaScript code...
CVE-2024-6881
Stored XSS in M-Files Hubshare versions before 5.0.6.0 allows an authenticated attacker to execute arbitrary JavaScript in user's browser session...
PT-2024-37400
Name of the Vulnerable Software and Affected Versions: M-Files Hubshare versions prior to 5.0.6.0 Description: The issue allows an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. This is achieved through a reflected XSS attack. Recommendations: For...
SUSE CVE-2024-32484
A reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability...
DEBIAN-CVE-2024-32484
A reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability...
UBUNTU-CVE-2024-32484
A reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability...
CVE-2024-32484
A reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability...
PT-2024-5670 · Netcat · Netcat Netshop Cms
Name of the Vulnerable Software and Affected Versions: Netcat Netshop CMS affected versions not specified Description: The issue is related to a cross-site request forgery vulnerability in the netshop CMS module of Netcat. This could allow a remote attacker to execute arbitrary JavaScript code in...
PT-2024-5676 · Unknown · Netcat Cms
Name of the Vulnerable Software and Affected Versions: Netcat CMS filemanager module affected versions not specified Description: The issue is related to a cross-site request forgery vulnerability in the filemanager module of the Netcat CMS system. This could allow a remote attacker to execute...
PT-2024-5683 · Unknown · Netcat Cms
Name of the Vulnerable Software and Affected Versions: Netcat CMS calendar module affected versions not specified Description: The issue is related to a cross-site request forgery vulnerability in the calendar module of the Netcat CMS system. This could allow a remote attacker to execute arbitrar...
PT-2024-5686 · Netcat · Netcat Netshop Cms
Name of the Vulnerable Software and Affected Versions: Netcat Netshop CMS affected versions not specified Description: The issue is related to the promotion discount parameter in the Netcat Netshop CMS system, which is vulnerable to cross-site request forgery. This could allow a remote attacker t...
PT-2024-5674 · Unknown · Netcat Cms
Name of the Vulnerable Software and Affected Versions: Netcat CMS affected versions not specified Description: The issue is related to a function in the alter form.php file of the Netcat CMS system, which is vulnerable to cross-site request forgery. This could allow a remote attacker to execute...
PT-2024-5679 · Unknown · Netcat Cms
Name of the Vulnerable Software and Affected Versions: Netcat CMS affected versions not specified Description: The issue exists due to a lack of protection measures for the web page structure in the stats module of the Netcat CMS system. This allows a remote attacker to execute arbitrary JavaScri...
PT-2024-5678 · Unknown · Netcat Cms
Name of the Vulnerable Software and Affected Versions: Netcat CMS affected versions not specified Description: The issue exists due to a lack of protection for the web page structure in the filemanager module of the Netcat CMS system. This allows a remote attacker to execute arbitrary JavaScript...
PT-2024-5673 · Unknown · Netcat Netshop Cms
Name of the Vulnerable Software and Affected Versions: Netcat Netshop CMS affected versions not specified Description: The issue exists due to inadequate protection of the web page structure, specifically in the code parameter of the netshop CMS module. This allows a remote attacker to execute...
PT-2024-5671 · Netcat · Netcat Netshop Cms
Name of the Vulnerable Software and Affected Versions: Netcat Netshop CMS affected versions not specified Description: The issue is related to the pricerule parameter in the netshop CMS module of the Netcat system, which is vulnerable to cross-site request forgery. This could allow a remote...
CVE-2024-31946
An issue was discovered in Stormshield Network Security SNS 3.7.0 through 3.7.41, 3.10.0 through 3.11.29, 4.0 through 4.3.24, and 4.4.0 through 4.7.4. A user who has access to the SNS with write access on the email alerts page has the ability to create alert email containing malicious JavaScript,...