149 matches found
WordPress plugin Shared Files Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Shared Files < 1.7.6 - Unauthenticated Stored Cross-Site Scripting
Description: The plugin does not return the right Content-Type header for the specified uploaded file. Therefore, an attacker can upload an allowed file extension injected with malicious scripts. PoC: Upload an allowed WordPress extension such as JPG and inject it with a script such as: . To access...
WordPress Shared Files Plugin < 1.7.1 is vulnerable to Cross Site Scripting (XSS)
Software: Shared Files; Type: Plugin; Vulnerable versions: 1.7.1; Fixed in: 1.7.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Tammersoft; PSID: 075a041bc160; Credits: Rafie Muhammad Patchstack; Required privile...
PT-2023-20188 · Mitel · Mitel Micollab
Name of the Vulnerable Software and Affected Versions: Mitel MiCollab versions through 9.6.2.9 Description: A vulnerability in the web conferencing component could allow an unauthenticated attacker to download a shared file via a crafted request, including the exact path and filename, due to...
PT-2023-19011 · Apple · Icloud +5
Name of the Vulnerable Software and Affected Versions: macOS Ventura versions prior to 13.3; iOS versions prior to 16.4; iPadOS versions prior to 16.4. Description: The issue allows a file from an iCloud shared-by-me folder to bypass Gatekeeper. This was addressed with additional checks by Gatekeepe...
Nextcloud: Nextcloud mail does not respect download permissions in shares
The Nextcloud mail application was found to not respect download permissions in shared files. This vulnerability could have allowed unauthorized access to shared files...
CVE-2022-0358
A flaw was found in the QEMU virtio-fs shared file system daemon virtiofsd implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certa...
WordPress Shared Files plugin < 1.6.72 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Shared Files plugin versions 1.6.72. Solution: Update the WordPress Shared Files plugin to the latest available version (at least 1.6.72)...
WordPress Shared Files plugin < 1.6.72 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Shared Files plugin versions 1.6.72. Solution: Update the WordPress Shared Files plugin to the latest available version (at least 1.6.72)...
CVE-2021-24856
The Shared Files WordPress plugin before 1.6.61 does not sanitise and escape the Download Counter Text settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2021-24856 Shared Files < 1.6.61 - Admin+ Stored Cross-Site Scripting
The Shared Files WordPress plugin before 1.6.61 does not sanitise and escape the Download Counter Text settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2021-24856
CVE-2021-24856 affects WordPress Shared Files plugin versions prior to 1.6.61. The vulnerability is a stored XSS in the Download Counter Text setting caused by insufficient sanitization/escaping, allowing an attacker with high privileges to execute JavaScript in the victim’s browser even when unf...
WordPress Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed in the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Shared Files plugin in versions prior to 1.6.61...
Nextcloud OfficeOnline Information Disclosure Vulnerability
Nextcloud is an open source, self-hosted file synchronization and sharing communications application platform from Nextcloud Germany. Nextcloud OfficeOnline applications prior to version 1.1.1 are vulnerable to an information disclosure vulnerability in which the vulnerable application returns...
Nextcloud Richdocuments Information Disclosure Vulnerability
Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Germany-based Nextcloud. The Nextcloud Richdocuments application in versions prior to 3.8.6 and 4.2.3 is vulnerable to an information disclosure vulnerability where the vulnerable...
Path traversal
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 and 4.2.3 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. For example, an attacker could see that the file...
CVE-2021-39224 File path disclosure of shared files in OfficeOnline application
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud OfficeOnline application prior to version 1.1.1 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. For example, an attacker could see that the file shared.txt is locat...
File path disclosure of shared files in OfficeOnline application
None...
Nextcloud Information Disclosure Vulnerability
Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Germany-based Nextcloud. The Nextcloud Richdocuments application in versions prior to 3.8.6 and 4.2.3 is vulnerable to an information disclosure vulnerability where the vulnerable...
CVE-2021-24736 Shared Files < 1.6.57 - Admin+ Stored Cross-Site Scripting
The Easy Download Manager and File Sharing Plugin with frontend file upload – a better Media Library — Shared Files WordPress plugin before 1.6.57 does not sanitise and escape some of its settings before outputting them in attributes, which could lead to Stored Cross-Site Scripting issues...