FileBrowser Vulnerable to Stored XSS via SVG File in Public Share (Missing CSP Header)
Summary: FileBrowser Quantum serves inline SVG files without a Content-Security-Policy header, allowing embedded JavaScript in SVG files to execute when accessed via public share links. Verified on v1.3.0-stable. Affected product - Product: FileBrowser Quantum gtsteffaniak/filebrowser - Verified...
Linux Distros Unpatched Vulnerability : CVE-2016-6628
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially crafted malicious SVG file. All 4.6.x versions prior to...
SUSE CVE-2021-41178
Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, a file traversal vulnerability makes an attacker able to download arbitrary SVG images from the host system, including user provided files. This could also be leveraged into a XSS/phishi...
PT-2021-23153 · Nextcloud +1
Name of the Vulnerable Software and Affected Versions: Nextcloud versions prior to 20.0.13; Nextcloud versions prior to 21.0.5; Nextcloud versions prior to 22.2.0. Description: A file traversal vulnerability in Nextcloud allows an attacker to download arbitrary SVG images from the host system,...