10 matches found
GHSA-P2J7-6G9H-32XH Cross site scripting in Shopizer
A Stored Cross Site Scripting XSS vulnerability exists in Shopizer versions v2.0.2 through v2.17.0 via the “Manage Images” tab, which allows an attacker to upload a SVG file containing malicious JavaScript code...
Cross site scripting in Shopizer
A Stored Cross Site Scripting XSS vulnerability exists in Shopizer versions v2.0.2 through v2.17.0 via the “Manage Images” tab, which allows an attacker to upload a SVG file containing malicious JavaScript code...
CVE-2022-23059 Shopizer - Stored XSS in Manage Images
A Stored Cross Site Scripting XSS vulnerability exists in Shopizer versions 2.0 through 2.17.0 via the “Manage Images” tab, which allows an attacker to upload a SVG file containing malicious JavaScript code...
CVE-2022-23059
Shopizer CVE-2022-23059 is a Stored XSS in versions 2.0–2.17.0 exploitable via the Manage Images tab, where an SVG upload containing malicious JavaScript could be executed in the victim’s context. The connected advisories (GHSA and OSV entries) corroborate the same vulnerable range and vector. Th...
Shopizer cross-site scripting vulnerability
Shopizer is a Java-based open source e-commerce solution from the Shopizer team. A cross-site scripting vulnerability exists in Shopizer versions v2.0.2 through v2.17.0, which allows an attacker to upload SVG files containing malicious JavaScript code via the "Manage Images" tab...
CVE-2022-23059
A Stored Cross Site Scripting XSS vulnerability exists in Shopizer versions 2.0 through 2.17.0 via the “Manage Images” tab, which allows an attacker to upload a SVG file containing malicious JavaScript code...
[SECURITY] Fedora 33 Update: podman-3.2.3-2.fc33
podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most...
WordPress NextCellent Gallery Plugin <= 1.19.17 - XSS
Because of this vulnerability in admin/manage-images.php, authenticated users can inject arbitrary web script or HTML via the "Alt & Title Text" field. Solution Update the plugin...
Iron Lava Corp Shell Upload / SQL Injection
Exploit Title : Iron Lava Corp SQL Injection / SHell upload Exploit Author : Ashiyane Digital Security Team vendor home : http://www.ironlava.com/ Home : www.ashiyane.org Security Risk : High Dork : "Site Design by Iron Lava Corp." inurl:index.php?pid= Location:site/index.php?pid=SQL DEm0:...
CVE-2005-4171
The CVE reports a remote PHP code execution in eFiction 1.1 when image-upload is allowed. An uploaded file named with a .php extension can start as a GIF (passes image validation) but contains PHP code that gets executed by the web server, enabling arbitrary code execution. The vulnerability stem...