68 matches found
CVE-2026-11621
A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload. The attack can be initiated...
CVE-2026-11621
A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload. The attack can be initiated...
CVE-2026-11621
A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload. The attack can be initiated...
EUVD-2026-35296
A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload. The attack can be initiated...
CVE-2026-11621 Dcat-Admin User Setting upload editorMDUpload unrestricted upload
A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload. The attack can be initiated...
CVE-2026-11621 Dcat-Admin User Setting upload editorMDUpload unrestricted upload
A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload. The attack can be initiated...
CVE-2026-11621
Summary (CVE-2026-11621): A weakness in Dcat-Admin up to version 2.2.3-beta affects the editor-md/upload function at /admin/dcat-api/editor-md/upload within the User Setting Page. The manipulation of the argument editormd-image-file enables unrestricted upload. The attack can be initiated remotel...
PT-2026-47633
A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload. The attack can be initiated...
CVE-2025-70845
lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting XSS exists in the /setting/ page where the "intro" field is not properly sanitized or escaped...
CVE-2025-70845
lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting XSS exists in the /setting/ page where the "intro" field is not properly sanitized or escaped...
PT-2026-7907
lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting XSS exists in the /setting/ page where the "intro" field is not properly sanitized or escaped...
CVE-2025-70845
lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting XSS exists in the /setting/ page where the "intro" field is not properly sanitized or escaped...
CVE-2025-70845
lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting XSS exists in the /setting/ page where the "intro" field is not properly sanitized or escaped...
CVE-2025-70845
CVE-2025-70845 affects lty628 aidigu v1.9.1. The vulnerability is a Cross Site Scripting (XSS) flaw on the /setting/ page, where the "intro" field is not properly sanitized or escaped. The available sources confirm the flaw but do not provide details on exploit scenarios, affected versions beyond...
CVE-2026-20894
Cross-site scripting vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation. If an attacking administrator configures the affected product with some malicious input, an arbitrary script may be executed on the web browser of a victim administrator who accesse...
CVE-2025-12269
A vulnerability was found in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The affected element is an unknown function of the file /dash/org/settings/previews of the component Account Setting Page. The manipulation results in cross site scripting. It is possible to launch the attack...
PT-2025-43937
Name of the Vulnerable Software and Affected Versions LearnHouse versions prior to 98dfad76aad70711a8113f6c1fdabfccf10509ca Description A cross site scripting issue exists in LearnHouse. The issue is located in the Account Setting Page component, specifically within the file...
CVE-2025-10651
The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ordermail' setting in versions up to, and including, 2.11.22. This is due to insufficient sanitization on the ordermail field and a lack of escaping on output. This makes it possible for authenticate...
EUVD-2025-22018
Malicious code in bioql PyPI...
EUVD-2025-16590
Malicious code in bioql PyPI...