Lucene search
+L

20 matches found

NVD
NVD
added 5 days ago7 views

CVE-2026-61504

Rejetto HFS 3.0.0 through 3.2.0 does not escape file names in its fallback "basic" web listing, and this listing can be forced by any browser via the ?get=basic parameter. A user with upload permission - or an anonymous user on servers with an open upload folder - can store a file whose name...

5.4CVSS0.00173EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-61504 Rejetto HFS < 3.2.1 Stored XSS via File Names in Basic Web Listing

Rejetto HFS 3.0.0 through 3.2.0 does not escape file names in its fallback "basic" web listing, and this listing can be forced by any browser via the ?get=basic parameter. A user with upload permission - or an anonymous user on servers with an open upload folder - can store a file whose name...

5.4CVSS0.00173EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 5 days ago5 views

CVE-2026-61504 Rejetto HFS < 3.2.1 Stored XSS via File Names in Basic Web Listing

Rejetto HFS 3.0.0 through 3.2.0 does not escape file names in its fallback "basic" web listing, and this listing can be forced by any browser via the ?get=basic parameter. A user with upload permission - or an anonymous user on servers with an open upload folder - can store a file whose name...

5.4CVSS6.1AI score0.00173EPSS
Exploits0References2
CVE
CVE
added 5 days ago11 views

CVE-2026-61504

CVE-2026-61504 affects Rejetto HFS 3.0.0–3.2.0, where the basic web listing does not escape file names and can be forced with the browser parameter ?get=basic. This enables stored XSS: a file with a script in its name can execute in the viewer’s browser when the listing is viewed, potentially by ...

5.4CVSS6.1AI score0.00173EPSS
Exploits0References2
OSV
OSV
added 5 days ago4 views

CVE-2026-61504 Rejetto HFS < 3.2.1 Stored XSS via File Names in Basic Web Listing

Rejetto HFS 3.0.0 through 3.2.0 does not escape file names in its fallback "basic" web listing, and this listing can be forced by any browser via the ?get=basic parameter. A user with upload permission - or an anonymous user on servers with an open upload folder - can store a file whose name...

5.1CVSS6.1AI score0.00173EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-4054

Malware in sbrugna...

6.1CVSS6.3AI score0.01057EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/22 3:56 p.m.6 views

CVE-2020-11712

Open Upload through 0.4.3 allows XSS via index.php?action=u and the filename field...

6.1CVSS5.9AI score0.01057EPSS
Exploits1References1
CNVD
CNVD
added 2020/04/13 12:0 a.m.2 views

Open Upload Cross-Site Scripting Vulnerability

Open Upload is a PHP-based, extensible, open source application for file uploading and downloading. A cross-site scripting vulnerability exists in Open Upload 0.4.3 and prior versions. The vulnerability stems from the WEB application's lack of proper validation of client-side data. An attacker ca...

6.1CVSS6.4AI score0.01057EPSS
Exploits1
OSV
OSV
added 2020/04/12 5:15 p.m.4 views

CVE-2020-11712

Open Upload through 0.4.3 allows XSS via index.php?action=u and the filename field...

6.1CVSS6.4AI score0.01057EPSS
Exploits1References3
NVD
NVD
added 2020/04/12 5:15 p.m.18 views

CVE-2020-11712

Open Upload through 0.4.3 allows XSS via index.php?action=u and the filename field...

6.1CVSS6.1AI score0.01057EPSS
Exploits1References3
Prion
Prion
added 2020/04/12 5:15 p.m.16 views

Open redirect

Open Upload through 0.4.3 allows XSS via index.php?action=u and the filename field...

4.3CVSS6AI score0.01057EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2020/04/12 4:21 p.m.19 views

CVE-2020-11712

Open Upload through 0.4.3 allows XSS via index.php?action=u and the filename field...

6.1AI score0.01057EPSS
Exploits1References3
CVE
CVE
added 2020/04/12 4:21 p.m.50 views

CVE-2020-11712

CVE-2020-11712 affects the Open Upload project (PHP-based file upload app) up to version 0.4.3. The issue is a Cross-Site Scripting (XSS) vulnerability exploitable via index.php?action=u and the filename field. The available sources state the vulnerability and affected version but do not provide ...

6.1CVSS6AI score0.01057EPSS
Exploits1References3Affected Software1
Packet Storm
Packet Storm
added 2017/12/27 12:0 a.m.29 views

Open Upload 3.6.28 Cross site Scripting

======================================================================== | Title : Openupload 3.6.28 Xss vulnerability | Author : indoushka | email : [email protected] | Tested on : windows 10 FranASSais V.Pro | Version : 3.6.28 | Vendor : http://wmscripti.com/ | Dork : open upload - login...

7.4AI score
Exploits0
CNVD
CNVD
added 2016/08/03 12:0 a.m.4 views

Open Upload Remote Cross-Site Request Forgery Vulnerability

Open Upload is an extensible PHP open source project for creating a private/public file download server . The Open Upload application suffers from a CSRF vulnerability, which can be exploited to lure an administrator user to a specially crafted URL via spear phishing or social engineering, allowi...

6.9AI score
Exploits0References1
exploitpack
exploitpack
added 2016/08/02 12:0 a.m.40 views

Open Upload 0.4.2 - Cross-Site Request Forgery (Add Admin)

Open Upload 0.4.2 - Cross-Site Request Forgery Add Admin ================================================================================================================ Open Upload 0.4.2 Remote Admin Add CSRF Exploit and Changing Normal user permission...

0.1AI score
Exploits0
0day.today
0day.today
added 2016/08/02 12:0 a.m.41 views

Open Upload 0.4.2 - Cross-Site Request Forgery (Add Admin)

Exploit for php platform in category web applications ================================================================================================================ Open Upload 0.4.2 Remote Admin Add CSRF Exploit and Changing Normal user permission...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2016/08/02 12:0 a.m.40 views

Open Upload 0.4.2 - Cross-Site Request Forgery (Add Admin)

================================================================================================================ Open Upload 0.4.2 Remote Admin Add CSRF Exploit and Changing Normal user permission...

7AI score
Exploits0
0day.today
0day.today
added 2016/07/27 12:0 a.m.47 views

Open Upload 0.4.2 - Multiple Cross-Site Request Forgery Vulnerabilities

Exploit for php platform in category web applications ================================================================================================================ Open Upload 0.4.2 Remote Admin Add CSRF Exploit and Changing Normal user permission...

7.1AI score
Exploits0
0day.today
0day.today
added 2012/08/13 12:0 a.m.134 views

Open Upload <== Full DataBase Buckup Vulnerability

Exploit for php platform in category web applications Exploit Title: Open Upload == Full Multiple Vulnerabilites Author: email protected Vendor or Software Link: http://openupload.sourceforge.net/ Google dork: "Open Upload - Created by Alessandro Briosi 2009" Tested on: Xp SP 2 Poc : 1 -...

7.1AI score
Exploits0
Rows per page
Query Builder