Lucene search
K

72 matches found

CVE
CVE
added 2024/10/02 12:0 a.m.53 views

CVE-2024-45962

CVE-2024-45962 affects October CMS 3.6.30. An authenticated admin can upload a PDF containing malicious JavaScript; when accessed via the website this can lead to XSS or potential arbitrary code execution in the target. No fixed version is published in the provided documents. Remediation guidance...

4.7CVSS6AI score0.0048EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/02 12:0 a.m.13 views

CVE-2024-45962

October 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting XSS attack or execute arbitrary code via a crafted JavaScript to the target...

6.2AI score0.0048EPSS
Exploits1References1
CVE
CVE
added 2024/10/02 12:0 a.m.51 views

CVE-2024-45960

Zenario CMS 9.7.61188 is affected. Authentication is required for the exploit: an admin can upload PDF files containing malicious code. If such a PDF is accessed via the site, it can trigger Cross-Site Scripting (XSS) in the user’s browser. The root cause is a lack of proper validation for upload...

4.8CVSS5.8AI score0.00343EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/05/30 4:31 a.m.86 views

CVE-2024-3277

CVE-2024-3277 affects the WordPress plugin “Yumpu ePaper publishing” (versions

5CVSS5.2AI score0.00316EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/05/30 4:31 a.m.15 views

CVE-2024-3277 Yumpu ePaper publishing <= 2.0.24 - Missing Authorization to PDF Upload, Publishing, and API Key Modification

The Yumpu ePaper publishing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxhandler function in all versions up to, and including, 2.0.24. This makes it possible for authenticated attackers, with subscriber-level access and abov...

5CVSS6.5AI score0.00316EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/30 4:31 a.m.27 views

CVE-2024-3277 Yumpu ePaper publishing <= 2.0.24 - Missing Authorization to PDF Upload, Publishing, and API Key Modification

The Yumpu ePaper publishing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxhandler function in all versions up to, and including, 2.0.24. This makes it possible for authenticated attackers, with subscriber-level access and abov...

5CVSS5.2AI score0.00316EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/05/30 12:0 a.m.14 views

PT-2024-24841 · WordPress · Yumpu Epaper Publishing Plugin

Name of the Vulnerable Software and Affected Versions: Yumpu ePaper publishing plugin for WordPress version 2.0.24 and earlier Description: The issue allows authenticated attackers with subscriber-level access and above to upload PDF files, publish them, and modify the API key due to a missing...

5CVSS6.7AI score0.00316EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/05/29 11:56 p.m.7 views

WordPress Yumpu ePaper publishing plugin <= 2.0.24 - Missing Authorization to PDF Upload, Publishing, and API Key Modification vulnerability

Missing Authorization to PDF Upload, Publishing, and API Key Modification vulnerability discovered by Lucio Sá in WordPress Plugin Yumpu ePaper publishing versions = 2.0.24...

5CVSS7AI score0.00316EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/29 12:0 a.m.18 views

Yumpu ePaper publishing <= 2.0.24 - Missing Authorization to PDF Upload, Publishing, and API Key Modification

Description The Yumpu ePaper publishing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxhandler function in all versions up to, and including, 2.0.24. This makes it possible for authenticated attackers, with subscriber-level...

5CVSS4.9AI score0.00316EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/05/24 12:0 a.m.6 views

PT-2024-26563 · O2Oa · O2Oa

Name of the Vulnerable Software and Affected Versions: O2OA version 8.3.8 Description: The issue allows attackers to execute arbitrary code by uploading a crafted PDF file, exploiting an arbitrary file upload vulnerability. Recommendations: For O2OA version 8.3.8, consider restricting file upload...

5.4CVSS8.2AI score0.00435EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/05/16 12:0 a.m.4 views

PT-2024-10381 · Strapi · Strapi

Name of the Vulnerable Software and Affected Versions: Strapi affected versions not specified Description: The issue is related to a lack of protection measures on web pages, allowing a remote attacker to execute arbitrary JavaScript code by uploading a specially crafted PDF file. Recommendations...

4CVSS7.7AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/04/03 12:0 a.m.6 views

PT-2024-21997 · Leantime · Leantime

Name of the Vulnerable Software and Affected Versions: Leantime version 3.0.6 Description: The issue allows attackers to execute arbitrary code via the upload of a crafted PDF file to the "files/browse" endpoint. This enables the execution of malicious scripts, potentially leading to unauthorized...

7.6CVSS7.9AI score0.00556EPSS
Exploits1References4
NVD
NVD
added 2024/02/29 2:15 p.m.22 views

CVE-2024-2001

A Cross-Site Scripting vulnerability in Cockpit CMS affecting version 2.7.0. This vulnerability could allow an authenticated user to upload an infected PDF file and store a malicious JavaScript payload to be executed when the file is uploaded...

5.5CVSS5.2AI score0.00323EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/02/29 12:0 a.m.6 views

PT-2024-18497 · Unknown · Cockpit Cms

Name of the Vulnerable Software and Affected Versions: Cockpit CMS version 2.7.0 Description: A Cross-Site Scripting issue in Cockpit CMS could allow an authenticated user to upload an infected PDF file and store a malicious JavaScript payload to be executed when the file is uploaded...

5.5CVSS5.3AI score0.00323EPSS
Exploits0References9
Cvelist
Cvelist
added 2024/01/10 12:0 a.m.19 views

CVE-2023-51252

PublicCMS 4.0 is vulnerable to Cross Site Scripting XSS. Because files can be uploaded and online preview function is provided, pdf files and html files containing malicious code are uploaded, an XSS popup window is realized through online viewing...

5.5AI score0.00297EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2023/02/15 6:4 a.m.8 views

SUSE CVE-2009-1597

Mozilla Firefox executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as...

9.3CVSS6.7AI score0.01736EPSS
Exploits1References3
Huntr
Huntr
added 2023/01/03 8:43 a.m.120 views

XSS via upload pdf file

Description Hi there, It's my pleasure to submit a report to you again to maintain the safety of the project.Most users can upload files in the module named 'Resources' .We can upload pdf files.But uploading malicious pdf files will cause xss vulnerability which will cause great harm to users of...

4.9CVSS5.7AI score0.00519EPSS
Exploits1
NVD
NVD
added 2022/10/31 9:15 p.m.29 views

CVE-2022-39016

Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload...

8.8CVSS0.00491EPSS
Exploits0References1
Prion
Prion
added 2022/10/31 9:15 p.m.21 views

Design/Logic Flaw

Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload...

6.5CVSS8.4AI score0.00491EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/10/31 12:0 a.m.6 views

PT-2022-24672 · Pdftron Systems +1 · Pdftron +1

Name of the Vulnerable Software and Affected Versions: M-Files Hubshare versions prior to 3.3.10.9 Description: The issue allows authenticated attackers to perform an account takeover via a crafted PDF upload, exploiting a Javascript injection in PDFtron. Recommendations: For versions prior to...

8.8CVSS8.5AI score0.00491EPSS
Exploits0References2
Rows per page
Query Builder