450 matches found
jQuery-Upload-File XSS in fileNameStr
A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a JavaScript payload in the file name...
GHSA-43X9-7HFV-MXRF jQuery-Upload-File XSS in fileNameStr
A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a JavaScript payload in the file name...
CVE-2021-37504
A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a JavaScript payload in the file name...
Cross site scripting
A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a JavaScript payload in the file name...
CVE-2021-37504
CVE-2021-37504 concerns an XSS in the fileNameStr parameter of the jQuery-Upload-File library (v4.0.11). Multiple connected sources corroborate that a crafted file name containing a JavaScript payload can cause arbitrary web script execution. The root cause is the unsanitized fileNameStr input; e...
PT-2022-10654 · Unknown · Jquery File Upload
Name of the Vulnerable Software and Affected Versions: jQuery-Upload-File version 4.0.11 Description: A cross-site scripting (XSS) issue exists due to a vulnerability in the fileNameStr parameter, allowing attackers to execute arbitrary web scripts or HTML via a crafted file with a JavaScript paylo...
CVE-2022-0472 Unrestricted Upload of File with Dangerous Type in jsdecena/laracom
Unrestricted Upload of File with Dangerous Type in Packagist jsdecena/laracom prior to v2.0.9...
AdSanity < 1.8.2 - Contributor Arbitrary File Upload
The plugin does not have an authorisation check in its adsanityhtml5upload, relying on a CSRF check for it. However, the nonce is available to any authenticated user with a role as low as contributor, allowing them to call it. Furthermore, due to the lack of validation of the upload file, it could allow the...
IBM Business Automation Workflow Cross-Site Scripting Vulnerability (CNVD-2021-101696)
IBM Business Automation Workflow is a workflow automation solution from IBM Corporation of the United States. The product is primarily used for workflow management and compliance management, and has features such as workflow visibility and scalability. IBM Business Automation Workflow has a cross-sit...
Exploit for Code Injection in Gitlab
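CVE-2021-22205 CVE-2021-22205 RCE. The tool is for sharing and discussion only; do not use it for unauthorized testing, otherwise the author bears no responsibility...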
in marcoax/magutticms
Description RCE via 'upload file image or document' on maguttiCms 8.62 allows remote authenticated administrators to execute arbitrary PHP code Proof of Concept // PoC.req POST /admin/api/uploadifiveSingle HTTP/1.1 Host: 127.0.0.1:8000 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15;...
Clinic Management System 1.0 Code Execution / SQL Injection
Exploit Title: Clinic Management System 1.0 - SQL injection to Remote Code Execution Date:21/10/2021 Exploit Author: Pablo Santiago Vendor Homepage: https://www.sourcecodester.com/php/14243/open-source-clinic-management-system-php-full-source-code.html Software Link:...
CVE-2021-3846
firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type...
Cross-site Scripting (XSS) - Stored in admidio/admidio
Description Stored XSS via upload file .svg allows for arbitrary execution of JavaScript Proof of Concept // PoC.req POST /demoen/admprogram/system/fileupload.php?module=documentsfiles&mode=uploadfiles&id=1 HTTP/2 Host: www.admidio.org Cookie:...
Netscout NgeniusOne Cross-Site Scripting Vulnerability
Netscout NgeniusOne is a centralized application and network performance management solution from Netscout, Inc. A cross-site scripting vulnerability exists in Netscout nGeniusONE in version 6.3.0 build 1196 and earlier, which stems from a lack of user input validation and filtering of input data...
Exploit for Unrestricted Upload of File with Dangerous Type in Microsoft
ProxyShell Proof of Concept Exploit for Microsoft Exchange CVE...
CVE-2021-29907
IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated user to upload a file that could execute arbitrary code on the system. IBM X-Force ID: 207633...
CVE-2021-1577 Cisco Application Policy Infrastructure Controller Arbitrary File Read and Write Vulnerability
A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an unauthenticated, remote attacker to read or write arbitrary files on an affected system. This vulnerability is due t...