5 matches found
PT-2023-26133 · Webile · Webile
Name of the Vulnerable Software and Affected Versions: Webile version 1.0.1 Description: A vulnerability was found in the HTTP POST Request Handler component. The manipulation of the new file name/c argument leads to cross-site scripting. It is possible to launch the attack remotely. The exploit...
Webile 跨站脚本漏洞
webileapps Webile is an application from webileapps, Inc. A cross-site scripting vulnerability exists in Webile version 1.0.1, which stems from the parameter newfilename/c of the component HTTP POST Request Handler can lead to cross-site scripting...
CVE-2016-6283
Cross-site scripting XSS vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action...
Constructr CMS 3.03 Arbitrary File Upload
No description provided by source. !/usr/bin/env perl Constructr CMS 3.03 Arbitrary File Upload Author: plucky Email: [email protected] Vulnerable Page: /constructr/backend/media.php line App Download: http://sourceforge.net/projects/constructr/ Date: 23/03/2011 THX TO: yawn, shrod, h473 and...
Java write file file name 0 0 truncation BUG that caused file upload vulnerability and fix-vulnerability warning-the black bar safety net
Java in the above two environments to write the files, because 0 0 is truncated and not correct for the new generated file name. For example, the user needs to username abc. jsp . jpg, but after 0 0 after truncation, the resulting file name becomes the abc. jsp , therefore we are in relation to t...