Lucene search

4 matches found

Github Security Blog
added 2026/05/07 3:29 a.m. · 20 views

FileBrowser Vulnerable to Stored XSS via SVG File in Public Share (Missing CSP Header)

Summary: FileBrowser Quantum serves inline SVG files without a Content-Security-Policy header, allowing embedded JavaScript in SVG files to execute when accessed via public share links. Verified on v1.3.0-stable. Affected product - Product: FileBrowser Quantum gtsteffaniak/filebrowser - Verified...

5.9 AI score
Exploits 0 · References 3 · Affected Software 1
Tenable Nessus
added 2025/08/24 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2016-6628

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially crafted malicious SVG file. All 4.6.x versions prior to...

6.8 CVSS · 7.3 AI score · 0.0114 EPSS
Exploits 0 · References 2
SUSE CVE
added 2023/02/15 3:37 a.m. · 2 views

SUSE CVE-2021-41178

Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, a file traversal vulnerability makes an attacker able to download arbitrary SVG images from the host system, including user provided files. This could also be leveraged into a XSS/phishi...

6.5 CVSS · 6.4 AI score · 0.01727 EPSS
Exploits 0 · References 4
Positive Technologies
added 2021/10/25 12:0 a.m. · 2 views

PT-2021-23153 · Nextcloud +1

Name of the Vulnerable Software and Affected Versions: Nextcloud versions prior to 20.0.13; Nextcloud versions prior to 21.0.5; Nextcloud versions prior to 22.2.0. Description: A file traversal vulnerability in Nextcloud allows an attacker to download arbitrary SVG images from the host system,...

8.8 CVSS · 6.6 AI score · 0.01727 EPSS
Exploits 0 · References 22