21 matches found

Packet Storm, added 2026/05/08 12:00 a.m., 64 views

ThingsBoard IoT Platform 4.2.0 Server-Side Request Forgery

ThingsBoard IoT Platform version 4.2.0 suffers from a server-side request forgery vulnerability. Exploit Title: ThingsBoard IoT Platform 4.2.0 - Server-Side Request Forgery SSRF Date: 2026-03-25 Exploit Author: Tamil Mathi T. Vendor Homepage: https://thingsboard.io Software Link:...

CVSS 9.1 | AI score 5.8 | EPSS 0.01658
Exploits: 2
NVD, added 2026/02/23 9:19 p.m., 12 views

CVE-2026-25648

Versions of the Traccar open-source GPS tracking system starting with 6.11.1 contain an issue in which authenticated users can execute arbitrary JavaScript in the context of other users' browsers by uploading malicious SVG files as device images. The application accepts SVG file uploads without...

CVSS 8.7 | EPSS 0.00273
Exploits: 1, References: 1
CVE, added 2026/02/06 7:11 p.m., 11 views

CVE-2026-22254

CVE-2026-22254 affects Winter CMS prior to 1.2.10, where the Asset Manager allowed uploading SVGs without automatic sanitization if a user had cms.manage_assets. This could enable stored XSS in affected deployments, though the attacker must have backend access with that permission. The issue is fi...

CVSS 3.5 | AI score 5.6 | EPSS 0.00251
Exploits: 0, References: 3, Affected Software: 1
Positive Technologies, added 2025/11/27 12:00 a.m., 4 views

PT-2025-48282

Name of the Vulnerable Software and Affected Versions ThingsBoard versions prior to 4.2.1 Description An authenticated user can upload malicious SVG images through the "Image Gallery". This leads to a Stored Cross-Site Scripting XSS issue. The exploit is triggered when any user accesses the publi...

CVSS 6.2 | AI score 5.4 | EPSS 0.00033
Exploits: 0, References: 6
EUVD, added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-23471

Malware in sbrugna...

CVSS 6.1 | AI score 6.2 | EPSS 0.00713
Exploits: 0, References: 3
EUVD, added 2025/10/07 12:30 a.m., 6 views

EUVD-2018-4279

Malware in sbrugna...

CVSS 6.1 | AI score 6.7 | EPSS 0.00692
Exploits: 1, References: 2
EUVD, added 2025/10/03 8:07 p.m., 5 views

EUVD-2022-3854

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.8 | EPSS 0.00584
Exploits: 0, References: 4
Tenable Nessus, added 2025/08/27 12:00 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2020-8035

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting XSS vulnerability via an SVG image...

CVSS 6.1 | AI score 6.1 | EPSS 0.00881
Exploits: 0, References: 2
Packet Storm, added 2025/04/24 12:00 a.m., 290 views

AlegroCart 1.2.9 Cross Site Scripting

AlegroCart version 1.2.9 suffers from persistent and reflected cross site scripting vulnerabilities. Exploit Title: XSS via SVG Image Upload - alegrocartv1.2.9 Date: 04/2025 Exploit Author: Andrey Stoykov Version: 1.2.9 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ XSS via SVG Imag...

AI score 6.7
Exploits: 0
Snyk, added 2025/02/03 4:40 a.m., 4 views

Cross-site Scripting (XSS)

Overview backdrop/backdrop is a CMS that helps you build websites for businesses and non-profits. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to insufficient validation of uploaded SVG images. A user with SVG upload privileges who convinces another user to...

CVSS 8.7 | AI score 5.4 | EPSS 0.00185
Exploits: 0, References: 2
Vulnrichment, added 2025/01/06 9:22 p.m., 8 views

CVE-2025-21616 Plane has a Cross-site scripting (XSS) via SVG image upload

Plane is an open-source project management tool. A cross-site scripting XSS vulnerability has been identified in Plane versions prior to 0.23. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims'...

CVSS 5.4 | AI score 5.8 | EPSS 0.00259
Exploits: 1, References: 1
Cvelist, added 2025/01/06 9:22 p.m., 16 views

CVE-2025-21616 Plane has a Cross-site scripting (XSS) via SVG image upload

Plane is an open-source project management tool. A cross-site scripting XSS vulnerability has been identified in Plane versions prior to 0.23. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims'...

CVSS 5.4 | EPSS 0.00259
Exploits: 1, References: 1
OSV, added 2024/05/30 12:15 p.m., 7 views

CVE-2024-5521

Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16. A user having the role of gallery editor or VFS resource manager has permission to upload images in the .svg format containing JavaScript code. The code will be...

CVSS 6.4 | AI score 6.8
Exploits: 0, References: 1
Veracode, added 2024/02/13 8:09 a.m., 19 views

Cross-site Scripting (XSS)

ghost is vulnerable to Cross-Site Scripting. The vulnerability is due to missing sanitization during SVG image upload. An attacker can upload an SVG profile picture containing JavaScript code which interacts with the API on localhost TCP port 3001, allowing a contributor to potentially take over an...

CVSS 9 | AI score 6.8 | EPSS 0.03485
Exploits: 1, References: 4, Affected Software: 1
ATTACKERKB, added 2023/12/21 3:15 p.m., 4 views

CVE-2023-48114

SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs because the application tries to allow youtube.com URLs, but actually allows youtube.com followed by an @ character and an attacker-controlled domain name...

CVSS 5.4 | AI score 5.8 | EPSS 0.00355
Exploits: 1, References: 3
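The SmarterMail entry above describes an allowlist that matched the literal text youtube.com and so accepted youtube.com@attacker-host, where everything before the @ is URL userinfo and the browser actually connects to the host after it. The following is an added example, not SmarterMail's code, that places that prefix-style check beside a host comparison built on urllib.parse from the Python standard library. The allowed hosts and the sample URLs are constructed for illustration.

```python
"""Host allowlisting done two ways.

Added example for the SmarterMail entry above, not SmarterMail's code. The
allowed hosts and sample URLs are constructed; urllib.parse is standard library.
"""
from urllib.parse import urlsplit

ALLOWED_HOSTS = frozenset({"youtube.com", "www.youtube.com"})


def naive_allows(url: str) -> bool:
    """Prefix match on the raw string: the check shape that the '@' trick defeats."""
    return any(url.startswith(f"https://{host}") for host in ALLOWED_HOSTS)


def strict_allows(url: str) -> bool:
    """Parse first, then compare the host component exactly."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False
    # In "https://youtube.com@attacker.example/", "youtube.com" is userinfo and the
    # browser connects to attacker.example. Refuse userinfo outright.
    if parts.username is not None or parts.password is not None:
        return False
    host = (parts.hostname or "").rstrip(".")   # hostname is already lower-cased
    return host in ALLOWED_HOSTS


# Constructed URLs with the verdict each check gives, as (naive, strict).
EXPECTED = {
    "https://www.youtube.com/embed/abc": (True, True),
    "https://youtube.com:443/watch?v=abc": (True, True),
    "https://youtube.com@attacker.example/p.js": (True, False),   # userinfo trick
    "https://youtube.com.attacker.example/p.js": (True, False),   # suffix trick
    "http://youtube.com/watch?v=abc": (False, False),             # wrong scheme
}


def evaluate(urls=EXPECTED) -> dict[str, tuple[bool, bool]]:
    """Run both checks over the sample URLs and return their verdicts."""
    return {u: (naive_allows(u), strict_allows(u)) for u in urls}


if __name__ == "__main__":
    for url, (naive, strict) in evaluate().items():
        print(f"naive={naive!s:5} strict={strict!s:5} {url}")
```

The strict version refuses any URL with userinfo rather than trying to reason about it, and compares the parsed host against the allowlist rather than matching a prefix, so both the userinfo trick and the youtube.com.attacker.example suffix trick are rejected while the legitimate forms, including an explicit :443 port, still pass.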
OSV, added 2022/04/26 7:15 p.m., 3 views

CVE-2021-36895

Unauthenticated Cross-Site Scripting XSS vulnerability in Tripetto's Tripetto plugin <= 5.1.4 on WordPress via SVG image upload...

CVSS 6.1 | AI score 6.4 | EPSS 0.00713
Exploits: 0, References: 2
Prion, added 2022/04/26 7:15 p.m., 18 views

Cross site scripting

Unauthenticated Cross-Site Scripting XSS vulnerability in Tripetto's Tripetto plugin <= 5.1.4 on WordPress via SVG image upload...

CVSS 4.3 | AI score 5.9 | EPSS 0.00713
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment, added 2022/04/26 6:13 p.m., 10 views

CVE-2021-36895 WordPress Tripetto plugin <= 5.1.4 - Unauthenticated Cross-Site Scripting (XSS) vulnerability via SVG image upload

Unauthenticated Cross-Site Scripting XSS vulnerability in Tripetto's Tripetto plugin <= 5.1.4 on WordPress via SVG image upload...

CVSS 4.7 | AI score 5 | EPSS 0.00713
Exploits: 0, References: 2
CVE, added 2022/04/26 6:13 p.m., 79 views

CVE-2021-36895

CVE-2021-36895: Unauthenticated XSS in WordPress Tripetto plugin versions <= 5.1.4 via SVG image upload. Root cause per CNVD/CNNVD entries is lack of filtering/escaping for uploaded SVG data. Affected: Tripetto WordPress plugin

CVSS 6.1 | AI score 5.2 | EPSS 0.00713
Exploits: 0, References: 2, Affected Software: 1
Debian CVE, added 2020/05/18 2:55 p.m., 28 views

CVE-2020-8035

The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting XSS vulnerability via an SVG image upload containing a JavaScript payload. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL...

CVSS 6.1 | AI score 5.9 | EPSS 0.00881
Exploits: 0
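Nearly every entry in this listing (Traccar, Winter CMS, ThingsBoard, Horde, AlegroCart, Backdrop, Plane, OpenCMS, Ghost, SmarterMail, Tripetto) shares one root cause: an SVG accepted as an image upload and later served inline, where a browser navigating to it treats it as a document and runs the script, event handlers and javascript: links inside it. The following is an added example, not code from any project listed here, of a server-side check that rejects SVGs carrying active content before they are stored. It uses only the Python standard library; the sample documents are constructed, and the element and attribute lists are a denylist chosen for illustration rather than a complete SVG security model.

```python
"""Reject SVG uploads that carry active content.

Added example built for this listing, not code from any project above. It uses
only the standard library. A stored SVG is inert when embedded via <img>, but
opened directly (the usual image-view URL) the browser treats it as a document
and runs what is inside it, which is the pattern the entries above describe.
"""
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"

# Elements that execute or embed script/HTML regardless of their attributes.
FORBIDDEN_TAGS = {"script", "foreignObject", "handler", "iframe", "embed", "object"}
# URL-bearing attributes whose scheme must be inspected.
URL_ATTRS = {"href", "src"}
# Schemes that run code when dereferenced (compared after whitespace removal).
EXECUTABLE_SCHEMES = ("javascript:", "vbscript:", "data:")
# url() in a style attribute is fine for local fragments (#gradient) but not for
# external resources; expression() is legacy IE script-in-CSS.
STYLE_RE = re.compile(r"url\s*\(\s*['\"]?\s*(?!#)|expression\s*\(", re.IGNORECASE)


def _local(qname: str) -> str:
    """Strip the {namespace} prefix ElementTree puts on qualified names."""
    return qname.rsplit("}", 1)[-1]


def find_active_content(svg_bytes: bytes) -> list[str]:
    """Return the findings for an uploaded SVG; an empty list means nothing active was seen.

    The file is rejected, never 'cleaned': stripping pieces out of a format as
    rich as SVG tends to leave a parser differential for the browser to exploit.
    """
    findings: list[str] = []

    # Cheap guard against DTD/entity tricks before the bytes reach the XML parser.
    # In production use a parser hardened against entity expansion (e.g. defusedxml).
    head = svg_bytes[:4096].lower()
    if b"<!doctype" in head or b"<!entity" in head:
        return ["DOCTYPE/ENTITY declaration present"]

    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]

    if root.tag != f"{{{SVG_NS}}}svg":
        findings.append(f"root element {root.tag!r} is not <svg> in the SVG namespace")

    for el in root.iter():
        name = _local(el.tag)
        if name in FORBIDDEN_TAGS:
            findings.append(f"forbidden element <{name}>")
        for attr, value in el.attrib.items():
            attr_local = _local(attr)
            # Every on* attribute (onload, onclick, onbegin, onerror, ...) is an event handler.
            if attr_local.lower().startswith("on"):
                findings.append(f"event handler attribute {attr_local} on <{name}>")
            elif attr_local == "style" and STYLE_RE.search(value):
                findings.append(f"style with external url() or expression() on <{name}>")
            elif attr_local in URL_ATTRS:
                # Browsers ignore embedded whitespace/newlines in the scheme, so normalise first.
                scheme = re.sub(r"\s+", "", value).lower()
                if scheme.startswith(EXECUTABLE_SCHEMES):
                    findings.append(f"{attr_local}={value!r} on <{name}> uses an executable scheme")
    return findings


def is_safe_svg(svg_bytes: bytes) -> bool:
    """Accept an upload only when no finding was raised."""
    return not find_active_content(svg_bytes)


# Constructed samples: one benign file and the payload shapes the entries above describe.
BENIGN = b'<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10"><rect width="10" height="10" fill="red"/></svg>'
SCRIPT = b'<svg xmlns="http://www.w3.org/2000/svg"><script>alert(document.domain)</script></svg>'
ONLOAD = b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"><circle r="5"/></svg>'
JS_HREF = (b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
           b'<a xlink:href="java&#10;script:alert(1)"><text y="10">click</text></a></svg>')
FOREIGN = (b'<svg xmlns="http://www.w3.org/2000/svg"><foreignObject>'
           b'<body xmlns="http://www.w3.org/1999/xhtml"><img src="x" onerror="alert(1)"/></body>'
           b'</foreignObject></svg>')

if __name__ == "__main__":
    for label, doc in [("benign", BENIGN), ("script", SCRIPT), ("onload", ONLOAD),
                       ("js-href", JS_HREF), ("foreignObject", FOREIGN)]:
        print(f"{label:14} {find_active_content(doc) or 'OK'}")
```

The check is only one layer. Serving uploaded SVGs with Content-Disposition: attachment, from a separate origin that holds no session cookies, or rasterizing them to PNG on upload each removes the stored-XSS impact even when a payload slips past a denylist like this one; the Ghost entry above, where the injected script talks to the application's own API, is exactly the case a cookie-free image origin defuses.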