28 matches found
CVE-2026-34725
DbGate is a cross-platform database manager. From version 7.0.0 to before version 7.1.5, a stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allows script execution in another user's browser; in t...
EUVD-2026-18472
DbGate is a cross-platform database manager. From version 7.0.0 to before version 7.1.5, a stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allows script execution in another user's browser; in t...
CVE-2026-34725
DbGate is a cross-platform database manager. From version 7.0.0 to before version 7.1.5, a stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allows script execution in another user's browser; in t...
EUVD-2022-5981
Malicious code in bioql PyPI...
Malicious code in plugin-svg-icons (npm)
Source: ghsa-malware (824299b29c64a19455bcdc235b9c2726b1ae00b364f8a549bb972a1be842eb43). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-0863
The WP SVG Icons WordPress plugin through 3.2.3 does not properly validate uploaded custom icon packs, allowing a high-privileged user like an admin to upload a ZIP file containing malicious PHP code, leading to remote code execution...
CVE-2019-14216
An issue was discovered in the svg-vector-icon-plugin aka WP SVG Icons plugin through 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP archive containing a .php file...
WordPress SVG Icons Plugin Arbitrary File Upload (CVE-2022-0863)
An arbitrary file upload vulnerability exists in WordPress SVG Icons plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Cross-site Scripting (XSS)
Jenkins is vulnerable to cross-site scripting (XSS) attacks. The HTML output generated for new symbol-based SVG icons includes the title attribute of l:ionicon and alt attribute of l:icon without further escaping, resulting in a cross-site scripting (XSS) vulnerability...
Cross site scripting
In Jenkins 2.321 through 2.355 both inclusive and LTS 2.332.1 through LTS 2.332.3 both inclusive the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' until Jenkins 2.334 and 'alt' attribute of 'l:icon' since Jenkins 2.335 without further escaping,...
CVE-2022-34171
In Jenkins 2.321 through 2.355 both inclusive and LTS 2.332.1 through LTS 2.332.3 both inclusive the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' until Jenkins 2.334 and 'alt' attribute of 'l:icon' since Jenkins 2.335 without further escaping,...
CVE-2022-34171
In Jenkins 2.321 through 2.355 both inclusive and LTS 2.332.1 through LTS 2.332.3 both inclusive the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' until Jenkins 2.334 and 'alt' attribute of 'l:icon' since Jenkins 2.335 without further escaping,...
Malicious code in zd-svg-icons (npm)
Source: ghsa-malware (169e62d18b5cd6071c986b8165e474e7a6e36580804e404b65b1b2578c66d487). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-7380 Malicious code in zd-svg-icons (npm)
Source: ghsa-malware (169e62d18b5cd6071c986b8165e474e7a6e36580804e404b65b1b2578c66d487). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
WordPress WP SVG Icons plugin remote code execution vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WP SVG Icons plugin version 3.2.3 and prior versions contain a remote code execution...
CVE-2022-0863
The WP SVG Icons WordPress plugin through 3.2.3 does not properly validate uploaded custom icon packs, allowing a high-privileged user like an admin to upload a ZIP file containing malicious PHP code, leading to remote code execution...
CVE-2022-0863
The WP SVG Icons WordPress plugin through 3.2.3 does not properly validate uploaded custom icon packs, allowing a high-privileged user like an admin to upload a ZIP file containing malicious PHP code, leading to remote code execution...
Remote code execution
The WP SVG Icons WordPress plugin through 3.2.3 does not properly validate uploaded custom icon packs, allowing a high-privileged user like an admin to upload a ZIP file containing malicious PHP code, leading to remote code execution...
CVE-2022-0863
The WP SVG Icons WordPress plugin (versions ≤ 3.2.3) is affected by an authenticated remote code execution vulnerability caused by improper validation of uploaded custom icon packs. An admin/high-privilege user can upload a ZIP containing malicious PHP code, leading to remote code execution. Publ...
CVE-2022-0863 WP SVG Icons <= 3.2.3 - Admin+ Remote Code Execution (RCE)
The WP SVG Icons WordPress plugin through 3.2.3 does not properly validate uploaded custom icon packs, allowing a high-privileged user like an admin to upload a ZIP file containing malicious PHP code, leading to remote code execution...