450 matches found

Github Security Blog
added 2022/02/26 12:00 a.m. · 31 views

jQuery-Upload-File XSS in fileNameStr

A cross-site scripting XSS vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript payload in the file name...

CVSS 6.1 · AI score 5.7 · EPSS 0.00896
Exploits: 0 · References: 3 · Affected software: 1
OSV
added 2022/02/26 12:00 a.m. · 2 views

GHSA-43X9-7HFV-MXRF jQuery-Upload-File XSS in fileNameStr

A cross-site scripting XSS vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript payload in the file name...

CVSS 6.1 · AI score 6.5 · EPSS 0.00896
Exploits: 0 · References: 3
NVD
added 2022/02/25 7:15 p.m. · 16 views

CVE-2021-37504

A cross-site scripting XSS vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript payload in the file name...

CVSS 6.1 · EPSS 0.00896
Exploits: 0 · References: 7
OSV
added 2022/02/25 7:15 p.m. · 4 views

CVE-2021-37504

A cross-site scripting XSS vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript payload in the file name...

CVSS 6.1 · AI score 6.5 · EPSS 0.00896
Exploits: 0 · References: 7
Prion
added 2022/02/25 7:15 p.m. · 21 views

Cross site scripting

A cross-site scripting XSS vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript payload in the file name...

CVSS 4.3 · AI score 5.9 · EPSS 0.00896
Exploits: 0 · References: 7 · Affected software: 1
CVE
added 2022/02/25 6:15 p.m. · 91 views

CVE-2021-37504

CVE-2021-37504 concerns an XSS in the fileNameStr parameter of the jQuery-Upload-File library (v4.0.11). Multiple connected sources corroborate that a crafted file name containing a Javascript payload can cause arbitrary web script execution. The root cause is the unsanitized fileNameStr input; e...

CVSS 6.1 · AI score 5.9 · EPSS 0.00896
Exploits: 0 · References: 7 · Affected software: 1
Cvelist
added 2022/02/25 6:15 p.m. · 25 views

CVE-2021-37504

A cross-site scripting XSS vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript payload in the file name...

AI score 6 · EPSS 0.00896
Exploits: 0 · References: 7
Positive Technologies
added 2022/02/25 12:00 a.m. · 26 views

PT-2022-10654 · Unknown · Jquery File Upload

Name of the Vulnerable Software and Affected Versions: jQuery-Upload-File version 4.0.11 Description: A cross-site scripting XSS issue exists due to a vulnerability in the fileNameStr parameter, allowing attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript paylo...

CVSS 6.1 · AI score 6.1 · EPSS 0.00896
Exploits: 0 · References: 11
Cvelist
added 2022/02/04 10:32 p.m. · 33 views

CVE-2022-0472 Unrestricted Upload of File with Dangerous Type in jsdecena/laracom

Unrestricted Upload of File with Dangerous Type in Packagist jsdecena/laracom prior to v2.0.9...

CVSS 8.1 · AI score 5.7 · EPSS 0.00792
Exploits: 1 · References: 2
WPVulnDB
added 2022/01/25 12:00 a.m. · 10 views

AdSanity < 1.8.2 - Contributor Arbitrary File Upload

The plugin does not have an authorisation check in its adsanityhtml5upload, relying on a CSRF check for it. However, the nonce is available to any authenticated user with a role as low as contributor, allowing them to call it. Furthermore, due to the lack of validation of the upload file, it could allow the...

AI score 1.8
Exploits: 0 · References: 1 · Affected software: 1
CNVD
added 2021/12/19 12:00 a.m. · 22 views

IBM Business Automation Workflow Cross-Site Scripting Vulnerability (CNVD-2021-101696)

IBM Business Automation Workflow is a workflow automation solution from IBM Corporation of the United States. The product is primarily used for workflow management and compliance management, and has features such as workflow visibility and scalability. IBM Business Automation Workflow has a cross-sit...

CVSS 5.4 · AI score 2.5 · EPSS 0.0048
Exploits: 0 · References: 1
GithubExploit
added 2021/10/31 2:34 p.m. · 74 views

Exploit for Code Injection in Gitlab

CVE-2021-22205 CVE-2021-22205 RCE. This tool is intended only for sharing and discussion; never use it for unauthorized testing, otherwise the author bears no responsibility...

CVSS 10 · AI score 7.2 · EPSS 0.99731
Exploits: 30
Huntr
added 2021/10/25 4:36 p.m. · 15 views

in marcoax/magutticms

Description RCE via 'upload file image or document' on maguttiCms 8.62 allows remote authenticated administrators to execute arbitrary PHP code Proof of Concept // PoC.req POST /admin/api/uploadifiveSingle HTTP/1.1 Host: 127.0.0.1:8000 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15;...

AI score 0.3
Exploits: 0 · References: 3
Packet Storm
added 2021/10/22 12:00 a.m. · 453 views

Clinic Management System 1.0 Code Execution / SQL Injection

Exploit Title: Clinic Management System 1.0 - SQL injection to Remote Code Execution Date: 21/10/2021 Exploit Author: Pablo Santiago Vendor Homepage: https://www.sourcecodester.com/php/14243/open-source-clinic-management-system-php-full-source-code.html Software Link:...

AI score 0.4
Exploits: 0
NVD
added 2021/10/19 1:15 p.m. · 13 views

CVE-2021-3846

firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type...

CVSS 8.8 · EPSS 0.00754
Exploits: 1 · References: 2
Huntr
added 2021/10/08 11:06 a.m. · 8 views

Cross-site Scripting (XSS) - Stored in admidio/admidio

Description Stored XSS via upload file .svg allows for arbitrary execution of JavaScript Proof of Concept // PoC.req POST /demoen/admprogram/system/fileupload.php?module=documentsfiles&mode=uploadfiles&id=1 HTTP/2 Host: www.admidio.org Cookie:...

AI score 0.7
Exploits: 0
CNNVD
added 2021/09/30 12:00 a.m. · 6 views

Netscout NgeniusOne Cross-Site Scripting Vulnerability

Netscout NgeniusOne is a centralized application and network performance management solution from Netscout, Inc. A cross-site scripting vulnerability exists in Netscout nGeniusONE in version 6.3.0 build 1196 and earlier, which stems from a lack of user input validation and filtering of input data...

CVSS 5.4 · AI score 5.3 · EPSS 0.00451
Exploits: 0 · References: 2
GithubExploit
added 2021/09/04 3:34 p.m. · 390 views

Exploit for Unrestricted Upload of File with Dangerous Type in Microsoft

ProxyShell Proof of Concept Exploit for Microsoft Exchange CVE...

CVSS 10 · AI score 8.9 · EPSS 0.99999
Exploits: 18
OSV
added 2021/08/31 4:15 p.m. · 2 views

CVE-2021-29907

IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated user to upload a file that could execute arbitrary code on the system. IBM X-Force ID: 207633...

CVSS 8.8 · AI score 6.1 · EPSS 0.01475
Exploits: 0 · References: 2
Cvelist
added 2021/08/25 7:10 p.m. · 31 views

CVE-2021-1577 Cisco Application Policy Infrastructure Controller Arbitrary File Read and Write Vulnerability

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller APIC and Cisco Cloud Application Policy Infrastructure Controller Cloud APIC could allow an unauthenticated, remote attacker to read or write arbitrary files on an affected system. This vulnerability is due t...

CVSS 9.1 · AI score 9.4 · EPSS 0.01303
Exploits: 0 · References: 1