16 matches found
CVE-2022-42149
kkFileView 4.0 is vulnerable to Server-Side Request Forgery (SSRF) via controller\OnlinePreviewController.java...
EUVD-2025-21363
Malicious code in bioql PyPI...
EUVD-2022-33691
Malicious code in bioql PyPI...
CVE-2023-51252
PublicCMS 4.0 is vulnerable to Cross-Site Scripting (XSS). Because files can be uploaded and an online preview function is provided, PDF and HTML files containing malicious code can be uploaded, and an XSS popup window is triggered when they are viewed online...
Vulnerability in the Online Preview component of the PublicCMS CMS system that allows attackers to perform cross-site scripting attacks
The vulnerability of the Online Preview component of the PublicCMS CMS system exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
Cross site scripting
PublicCMS 4.0 is vulnerable to Cross-Site Scripting (XSS). Because files can be uploaded and an online preview function is provided, PDF and HTML files containing malicious code can be uploaded, and an XSS popup window is triggered when they are viewed online...
CVE-2023-51252
PublicCMS 4.0 is affected by an XSS vulnerability in the Online Preview component. The issue arises from inadequate protection of the web page structure when uploaded files (PDF/HTML) are viewed online, enabling an XSS popup. Root cause: lack of proper input handling in the Online Preview feature...
PT-2023-8541 · Publiccms · Publiccms
Name of the Vulnerable Software and Affected Versions: PublicCMS version 4.0. Description: The issue exists due to a lack of protection for the web page structure in the Online Preview component of PublicCMS. This allows a remote attacker to conduct cross-site scripting (XSS) attacks. The...
PT-2022-26771 · Unknown · Kkfileview
Name of the Vulnerable Software and Affected Versions: kkFileView version 4.1.0. Description: The issue allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter. This is achieved through a Server-Side Request Forgery (SSRF) in the...
Keking kkFileView Code Issue Vulnerability
Keking kkFileView is a Spring-Boot project for online previewing of documents from Keking Technology (Keking). A security vulnerability exists in Keking kkFileView version 4.0, which originates from a cross-site request forgery that can be realized by an attacker through its...
File Upload Vulnerability in OfficeWeb365 of Xi'an Daxi Information Technology Co.
OfficeWeb365 focuses on Office document online preview and PDF document online preview cloud services, including Microsoft Word document online preview, Excel table online preview, Powerpoint presentation document online preview, WPS word processing, WPS forms, WPS presentations and Adobe PDF...
Discuz plug-in arbitrary File Download vulnerability-vulnerability warning-the black bar safety net
A txt/Word online preview plug-in. Plug-in address: http://www.discuz.net/forum.php?mod=viewthread&tid=3169556 $doc=$_GET['doc']; $doc="../../../".$doc; $filename=$_GET['filename']; $ext=$_GET['ext']; //set file type if($ext=='doc') $ext="application/msword"; if($ext=='xls')...