20 matches found
CVE-2026-61504
Rejetto HFS 3.0.0 through 3.2.0 does not escape file names in its fallback "basic" web listing, and this listing can be forced by any browser via the ?get=basic parameter. A user with upload permission - or an anonymous user on servers with an open upload folder - can store a file whose name...
CVE-2026-61504 Rejetto HFS < 3.2.1 Stored XSS via File Names in Basic Web Listing
Rejetto HFS 3.0.0 through 3.2.0 does not escape file names in its fallback "basic" web listing, and this listing can be forced by any browser via the ?get=basic parameter. A user with upload permission - or an anonymous user on servers with an open upload folder - can store a file whose name...
CVE-2026-61504 Rejetto HFS < 3.2.1 Stored XSS via File Names in Basic Web Listing
Rejetto HFS 3.0.0 through 3.2.0 does not escape file names in its fallback "basic" web listing, and this listing can be forced by any browser via the ?get=basic parameter. A user with upload permission - or an anonymous user on servers with an open upload folder - can store a file whose name...
CVE-2026-61504
CVE-2026-61504 affects Rejetto HFS 3.0.0–3.2.0, where the basic web listing does not escape file names and can be forced with the browser parameter ?get=basic. This enables stored XSS: a file with a script in its name can execute in the viewer’s browser when the listing is viewed, potentially by ...
CVE-2026-61504 Rejetto HFS < 3.2.1 Stored XSS via File Names in Basic Web Listing
Rejetto HFS 3.0.0 through 3.2.0 does not escape file names in its fallback "basic" web listing, and this listing can be forced by any browser via the ?get=basic parameter. A user with upload permission - or an anonymous user on servers with an open upload folder - can store a file whose name...
EUVD-2020-4054
Malware in sbrugna...
CVE-2020-11712
Open Upload through 0.4.3 allows XSS via index.php?action=u and the filename field...
Open Upload Cross-Site Scripting Vulnerability
Open Upload is a PHP-based, extensible, open source application for file uploading and downloading. A cross-site scripting vulnerability exists in Open Upload 0.4.3 and prior versions. The vulnerability stems from the WEB application's lack of proper validation of client-side data. An attacker ca...
CVE-2020-11712
Open Upload through 0.4.3 allows XSS via index.php?action=u and the filename field...
CVE-2020-11712
Open Upload through 0.4.3 allows XSS via index.php?action=u and the filename field...
Open redirect
Open Upload through 0.4.3 allows XSS via index.php?action=u and the filename field...
CVE-2020-11712
Open Upload through 0.4.3 allows XSS via index.php?action=u and the filename field...
CVE-2020-11712
CVE-2020-11712 affects the Open Upload project (PHP-based file upload app) up to version 0.4.3. The issue is a Cross-Site Scripting (XSS) vulnerability exploitable via index.php?action=u and the filename field. The available sources state the vulnerability and affected version but do not provide ...
Open Upload 3.6.28 Cross site Scripting
======================================================================== | Title : Openupload 3.6.28 Xss vulnerability | Author : indoushka | email : [email protected] | Tested on : windows 10 FranASSais V.Pro | Version : 3.6.28 | Vendor : http://wmscripti.com/ | Dork : open upload - login...
Open Upload Remote Cross-Site Request Forgery Vulnerability
Open Upload is an extensible PHP open source project for creating a private/public file download server . The Open Upload application suffers from a CSRF vulnerability, which can be exploited to lure an administrator user to a specially crafted URL via spear phishing or social engineering, allowi...
Open Upload 0.4.2 - Cross-Site Request Forgery (Add Admin)
Open Upload 0.4.2 - Cross-Site Request Forgery Add Admin ================================================================================================================ Open Upload 0.4.2 Remote Admin Add CSRF Exploit and Changing Normal user permission...
Open Upload 0.4.2 - Cross-Site Request Forgery (Add Admin)
Exploit for php platform in category web applications ================================================================================================================ Open Upload 0.4.2 Remote Admin Add CSRF Exploit and Changing Normal user permission...
Open Upload 0.4.2 - Cross-Site Request Forgery (Add Admin)
================================================================================================================ Open Upload 0.4.2 Remote Admin Add CSRF Exploit and Changing Normal user permission...
Open Upload 0.4.2 - Multiple Cross-Site Request Forgery Vulnerabilities
Exploit for php platform in category web applications ================================================================================================================ Open Upload 0.4.2 Remote Admin Add CSRF Exploit and Changing Normal user permission...
Open Upload <== Full DataBase Buckup Vulnerability
Exploit for php platform in category web applications Exploit Title: Open Upload == Full Multiple Vulnerabilites Author: email protected Vendor or Software Link: http://openupload.sourceforge.net/ Google dork: "Open Upload - Created by Alessandro Briosi 2009" Tested on: Xp SP 2 Poc : 1 -...