6 matches found
PT-2026-51335
Name of the Vulnerable Software and Affected Versions qSnapper versions prior to 1.3.3 Description Incorrect caching of authentication between different polkit PolicyKit, a component for controlling privileges in Unix-like operating systems methods allows a local attacker to perform unauthorized...
iOS Simulator MCP Server 操作系统命令注入漏洞
iOS Simulator MCP Server is an MCP server for interacting with iOS Simulator by Joshua Yoes, an individual developer. An operating system command injection vulnerability exists in iOS Simulator MCP Server versions prior to 1.3.3, which stems from a command injection vulnerability in some MCP Serv...
Microweber 跨站脚本漏洞
Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A cross-site scripting vulnerability exists in Microweber versions prior to 1.3.3 that...
CVE-2023-2014 Cross-site Scripting (XSS) - Generic in microweber/microweber
Cross-site Scripting XSS - Generic in GitHub repository microweber/microweber prior to 1.3.3...
TYPO3 跨站脚本漏洞
TYPO3 is a free and open source content management system framework from the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in version 1.x prior to TYPO3 1.3.3, which stems from insufficient innocuous handling of user-supplied data, and can be exploited by attackers to condu...
PT-2016-3276 · Apache +3 · Apache Commons Fileupload +4
Name of the Vulnerable Software and Affected Versions: Apache Commons FileUpload versions prior to 1.3.3 Description: The issue is related to the deserialization mechanism in the DiskFileItem class of the Apache Commons FileUpload library. It allows a remote attacker to execute arbitrary code or...