26 matches found
EUVD-2022-5982
Malicious code in bioql PyPI...
CVE-2023-37611
Cross Site Scripting XSS vulnerability in Neos CMS 8.3.3 allows a remote authenticated attacker to execute arbitrary code via a crafted SVG file to the neos/management/media component...
CVE-2022-30429
Multiple cross-site scripting XSS vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of assets, or a workspace title. The vulnerabilities were found in versions 3.3.29 and 8.0.1 and could also ...
BIT-NEOS-2022-30429
Multiple cross-site scripting XSS vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of assets, or a workspace title. The vulnerabilities were found in versions 3.3.29 and 8.0.1 and could also ...
BIT-NEOS-2023-37611
Cross Site Scripting XSS vulnerability in Neos CMS 8.3.3 allows a remote authenticated attacker to execute arbitrary code via a crafted SVG file to the neos/management/media component...
GHSA-6QJF-7G3J-QX25 Neos CMS Cross Site Scripting vulnerability
Cross Site Scripting XSS vulnerability in Neos CMS 8.3.3 allows a remote authenticated attacker to execute arbitrary code via a crafted SVG file uploaded to the neos/management/media component. To make use of this attack vector, the attacker must either be able to upload a maliciously crafted fil...
Neos CMS Cross Site Scripting vulnerability
Cross Site Scripting XSS vulnerability in Neos CMS 8.3.3 allows a remote authenticated attacker to execute arbitrary code via a crafted SVG file uploaded to the neos/management/media component. To make use of this attack vector, the attacker must either be able to upload a maliciously crafted fil...
CVE-2023-37611
Cross Site Scripting XSS vulnerability in Neos CMS 8.3.3 allows a remote authenticated attacker to execute arbitrary code via a crafted SVG file to the neos/management/media component...
CVE-2023-37611
Cross Site Scripting XSS vulnerability in Neos CMS 8.3.3 allows a remote authenticated attacker to execute arbitrary code via a crafted SVG file to the neos/management/media component...
CVE-2023-37611
Cross Site Scripting XSS vulnerability in Neos CMS 8.3.3 allows a remote authenticated attacker to execute arbitrary code via a crafted SVG file to the neos/management/media component...
Cross site scripting
Cross Site Scripting XSS vulnerability in Neos CMS 8.3.3 allows a remote authenticated attacker to execute arbitrary code via a crafted SVG file to the neos/management/media component...
Neos CMS Cross-Site Scripting Vulnerability
Neos CMS is an open source CMS software from Neos. A security vulnerability exists in Neos CMS version 8.3.3, which stems from the presence of a stored cross-site scripting XSS vulnerability. The vulnerability can be exploited by an attacker to execute arbitrary code by designing SVG files...
PT-2023-26042 · Neos Cms · Neos Cms
Name of the Vulnerable Software and Affected Versions: Neos CMS version 8.3.3 Description: The issue allows a remote authenticated attacker to execute arbitrary code via a crafted SVG file uploaded to the neos/management/media component. To exploit this, the attacker must be able to upload a...
CVE-2023-37611
CVE-2023-37611 : Neos CMS 8.3.3 is affected by a Cross-Site Scripting vulnerability that allows a remote authenticated attacker to execute arbitrary code via a crafted SVG file uploaded to the neos/management/media component. Root cause is linked to handling of uploaded SVGs; impact is arbitrary ...
CVE-2023-37611
Cross Site Scripting XSS vulnerability in Neos CMS 8.3.3 allows a remote authenticated attacker to execute arbitrary code via a crafted SVG file to the neos/management/media component...
GHSA-7M9H-V68W-PFW3 Neos CMS vulnerable to XSS in various backend modules
Multiple cross-site scripting XSS vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of assets, or a workspace title. The vulnerabilities were found in versions 3.3.29 and 8.0.1 and could also ...
Neos CMS vulnerable to XSS in various backend modules
Multiple cross-site scripting XSS vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of assets, or a workspace title. The vulnerabilities were found in versions 3.3.29 and 8.0.1 and could also ...
CVE-2022-30429
Multiple cross-site scripting XSS vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of assets, or a workspace title. The vulnerabilities were found in versions 3.3.29 and 8.0.1 and could also ...
CVE-2022-30429
Multiple cross-site scripting XSS vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of assets, or a workspace title. The vulnerabilities were found in versions 3.3.29 and 8.0.1 and could also ...
CVE-2022-30429
Multiple cross-site scripting XSS vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of assets, or a workspace title. The vulnerabilities were found in versions 3.3.29 and 8.0.1 and could also ...