CVE-2022-40048

Flatpress v1.2.1 was discovered to contain a remote code execution RCE vulnerability in the Upload File function...

PT-2022-25176 · Flatpress · Flatpress

Name of the Vulnerable Software and Affected Versions: Flatpress version 1.2.1 Description: A remote code execution issue was found in the Upload File function, allowing for potential code execution. Recommendations: For version 1.2.1, consider disabling the Upload File function until a patch is...

CVE-2022-20146

In uploadFile of FileUploadServiceImpl.java, there is a possible incorrect file access due to a confused deputy. This could lead to local information disclosure of private files with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersion...

FUDForum Remote Code Execution Vulnerability

FUDForum is a PHP-based open source forum software.FUDForum versions prior to 3.1.2 are vulnerable to remote code execution. An attacker can use this vulnerability to execute remote code with the help of the upload file function of the file management system in the administration control panel...

CVE-2022-30860

FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel...

CVE-2022-30860

FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel...

Remote code execution

FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel...

WordPress plugin User Meta Manager 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. A path traversal vulnerability exists in versions of the WordPress User Meta Manager plugin prior to...

CVE-2020-22987

Cross-Site Scripting XSS vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task...

CVE-2021-41952

CVE-2021-41952 relates to Zenario CMS 9.0.54156, where an XSS vulnerability exists through uploading SVG files. The technical detail in the connected advisories confirms that an attacker can craft a malicious SVG upload to trigger a cross-site scripting condition, enabling theft of victim cookies...

Hayageek Jquery Upload File Cross-Site Scripting Vulnerability

Hayageek Jquery Upload File is a jQuery-based file upload plugin from Hayageek's personal developer. Hayageek Jquery Upload File v4.0.11 contains a cross-site scripting vulnerability that could be exploited by attackers to execute arbitrary web script or HTML via a specially crafted file with a...

jQuery-Upload-File XSS in fileNameStr

A cross-site scripting XSS vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript payload in the file name...

GHSA-43X9-7HFV-MXRF jQuery-Upload-File XSS in fileNameStr

A cross-site scripting XSS vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript payload in the file name...

CVE-2021-37504

A cross-site scripting XSS vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript payload in the file name...

CVE-2021-37504

A cross-site scripting XSS vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript payload in the file name...

Cross site scripting

A cross-site scripting XSS vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript payload in the file name...

CVE-2021-37504

A cross-site scripting XSS vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript payload in the file name...

CVE-2021-37504

CVE-2021-37504 concerns an XSS in the fileNameStr parameter of the jQuery-Upload-File library (v4.0.11). Multiple connected sources corroborate that a crafted file name containing a Javascript payload can cause arbitrary web script execution. The root cause is the unsanitized fileNameStr input; e...

PT-2022-10654 · Unknown · Jquery File Upload

Name of the Vulnerable Software and Affected Versions: jQuery-Upload-File version 4.0.11 Description: A cross-site scripting XSS issue exists due to a vulnerability in the fileNameStr parameter, allowing attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript paylo...

CVE-2022-0472 Unrestricted Upload of File with Dangerous Type in jsdecena/laracom

Unrestricted Upload of File with Dangerous Type in Packagist jsdecena/laracom prior to v2.0.9...