19 matches found
EUVD-2026-31401
Mothra would respect a default value given by a website for HTML file upload forms. An attacker could craft a website with a malicious default file path, and then conceal this form element...
PT-2025-48654
The SureMail – SMTP and Email Logs Plugin for WordPress is vulnerable to Unrestricted Upload of File with Dangerous Type in versions up to and including 1.9.0. This is due to the plugin's save file function in inc/emails/handler/uploads.php which duplicates all email attachments to a web-accessib...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the EntriesForm class in the Forms module. An attacker can submit files with malicious filenames and execute arbitrary JavaScript in the browser context of authenticated admins. Note: This is a persistent XS...
Apache Superset is vulnerable to Cross-Site Scripting (XSS)
Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
CVE-2022-43718 Apache Superset: Cross-Site Scripting vulnerability on upload forms
Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
CVE-2022-43718 Apache Superset: Cross-Site Scripting vulnerability on upload forms
Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
CVE-2022-37160
Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with...
CVE-2022-37160
Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with...
Cross site scripting
Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with...
PT-2022-23848 · Claroline · Claroline
Name of the Vulnerable Software and Affected Versions: Claroline versions 13.5.7 and prior Description: The issue allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. This can be achieved by combining an XSS vulnerability present in several uploa...
CVE-2019-19669
A CSRF vulnerability exists in the Upload Center Forms Component of Web File Manager in Rumpus FTP 8.2.9.1. This could allow an attacker to delete, create, and update the upload forms via RAPR/TriggerServerFunction.html...
Palo Alto Networks Pan-OS 5.0.8 - Multiple Vulnerabilities
No description provided by source. from http://thomaspollet.blogspot.be/2013/11/Palo-Alto-XSS.html : A couple of bugs exist in Palo Alto Networks PANOS = 5.0.8 which can be exploited to conduct cross-site scripting attacks. - Certificate fields are displayed in the firewall web interface without...
Palo Alto Networks Pan-OS 5.0.8 - Multiple Vulnerabilities
Palo Alto Networks Pan-OS 5.0.8 - Multiple Vulnerabilities from http://thomaspollet.blogspot.be/2013/11/Palo-Alto-XSS.html : A couple of bugs exist in Palo Alto Networks PANOS These issues have been fixed in PANOS 5.0.9 . Example html source code to CSRF POST a rogue cert : 1. PA: 2. 3. 4. 5. 6...
Palo Alto Networks Pan-OS 5.0.8 - Multiple Vulnerabilities
Exploit for php platform in category web applications A couple of bugs exist in Palo Alto Networks PANOS These issues have been fixed in PANOS 5.0.9 . Example html source code to CSRF POST a rogue cert : 1. PA: 2. 3. 4. 5. 6. ----------------------------- 7. Content-Disposition: form-data;...
Palo Alto Networks PanOS 5.0.8 XSS / CSRF
Palo Alto Networks PANOS , L=Default City, O=Default Company Ltd Validity Not Before: Oct 1 16:28:18 2013 GMT Not After : Oct 1 16:28:18 2014 GMT Subject: C=XX, ST=, L=Default City, O=Default Company Ltd Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: 1024 bit Modulus:...
Mozilla Firefox Multiple Vulnerabilities (Jul 2008) - Linux
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
Mozilla Seamonkey Multiple Vulnerabilities (Jul 2008) - Linux
Mozilla Seamonkey is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mozilla Firefox Multiple Vulnerability July-08 (Windows)
The host is installed with Mozilla Firefox browser, that is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbfirefoxmultvulnjuly08win.nasl 6519 2017-07-04 14:08:14Z cfischer $ Mozilla Firefox Multiple Vulnerability July-08 Windows Authors: Chandan S Copyright: Copyright c 2008...
Mozilla Seamonkey Multiple Vulnerability July-08 (Windows)
The host is installed with Mozilla Seamonkey, that is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbseamonkeymultvulnjuly08win.nasl 6519 2017-07-04 14:08:14Z cfischer $ Mozilla Seamonkey Multiple Vulnerability July-08 Windows Authors: Chandan S Copyright: Copyright c 2008...