181 matches found

OSV
added 2022/12/08 9:29 p.m. | 20 views

CVE-2022-23494 Cross-site scripting vulnerability in TinyMCE alerts

tinymce is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the image plugin, which...

CVSS 5.4 | AI score 5.9 | EPSS 0.00939
Exploits: 0 | References: 8

ATTACKERKB
added 2022/07/19 7:15 p.m. | 3 views

CVE-2022-36303

Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the handlefileupload function at /web/api/v1/upload/UploadHandler.php...

CVSS 6.1 | AI score 6.2 | EPSS 0.00441
Exploits: 1 | References: 2

CNNVD
added 2022/07/19 12:0 a.m. | 3 views

Vesta Control Panel Cross-Site Scripting Vulnerability

Vesta Control Panel (VestaCP) is an open source web hosting control panel. A security vulnerability exists in Vesta Control Panel version v1.0.0-5, which stems from a security issue in the body function of UploadHandler.php...

CVSS 6.1 | AI score 6.2 | EPSS 0.00441
Exploits: 1 | References: 2

CNNVD
added 2022/07/19 12:0 a.m. | 4 views

Vesta Control Panel Cross-Site Scripting Vulnerability

Vesta Control Panel (VestaCP) is an open source web hosting control panel. A security vulnerability exists in Vesta Control Panel version v1.0.0-5, which stems from a security issue in the handlefileupload function in UploadHandler.php...

CVSS 6.1 | AI score 6.2 | EPSS 0.00441
Exploits: 1 | References: 2

OSV
added 2022/05/17 7:57 p.m. | 13 views

GHSA-WXG6-F773-G2F7 jQuery File Upload Plugin Unrestricted file upload vulnerability

Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute...

CVSS 9.8 | AI score 9.8 | EPSS 0.91656
Exploits: 2 | References: 9

CNVD
added 2020/06/08 12:0 a.m. | 2 views

Raonwiz DEXT5 Editor Arbitrary File Download Vulnerability

Raonwiz DEXT5 Editor is an HTML-based Web editor from the Korean company Raonwiz. A security vulnerability exists in the handler/uploadhandler.jsp file in Raonwiz DEXT5 Editor 3.5.1402961 and earlier versions. An attacker can exploit this vulnerability to download arbitrary files with the help of...

CVSS 7.5 | AI score 6.9 | EPSS 0.01104
Exploits: 1 | References: 1

OSV
added 2020/06/07 1:15 a.m. | 5 views

CVE-2020-13894

handler/uploadhandler.jsp in DEXT5 Editor through 3.5.1402961 allows an attacker to download arbitrary files via the savefilepath field...

CVSS 7.5 | AI score 7.2
Exploits: 0 | References: 1

Prion
added 2020/06/07 1:15 a.m. | 14 views

Design/Logic Flaw

handler/uploadhandler.jsp in DEXT5 Editor through 3.5.1402961 allows an attacker to download arbitrary files via the savefilepath field...

CVSS 5 | AI score 7.5 | EPSS 0.01104
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2020/03/31 1:15 p.m. | 4 views

CVE-2020-11414

An issue was discovered in Progress Telerik UI for Silverlight before 2020.1.330. The RadUploadHandler class in RadUpload for Silverlight expects a web request that provides the file location of the uploading file along with a few other parameters. The uploading file location should be inside the...

CVSS 7.5 | AI score 7.2 | EPSS 0.01042
Exploits: 0 | References: 1

OSV
added 2019/09/11 2:15 p.m. | 1 views

DEBIAN-CVE-2019-16217

WordPress before 5.2.3 allows XSS in media uploads because wpajaxuploadattachment is mishandled...

CVSS 6.1 | AI score 6.9 | EPSS 0.01532
Exploits: 0 | References: 1

OSV
added 2019/05/24 6:29 p.m. | 3 views

CVE-2016-10756

Kliqqi 3.0.0.5 allows CSRF with resultant Arbitrary File Upload because module.php?module=upload can be used to configure the uploading of .php files, and then modules/upload/uploadmain.php can be used for the upload itself...

CVSS 8.8 | AI score 5.8 | EPSS 0.00669
Exploits: 1 | References: 2

OSV
added 2019/03/07 5:29 a.m. | 3 views

CVE-2019-9623

Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via "!--exec cmd=" in a .shtml file to ckuploadhandler.php...

CVSS 9.8 | AI score 7.9
Exploits: 0 | References: 2

CNVD
added 2019/03/07 12:0 a.m. | 2 views

Feng Office Arbitrary Code Execution Vulnerability

Feng Office is an open source online collaboration system that uses a B/S architecture and is developed in PHP. An arbitrary code execution vulnerability exists in Feng Office 3.7.0.5. A remote attacker can exploit this vulnerability by using the "! --exec cmd=" in the...

CVSS 9.8 | AI score 8.4 | EPSS 0.08116
Exploits: 1 | References: 1

OSV
added 2018/10/17 7:56 p.m. | 2 views

GHSA-MH7G-99W9-XPJM Remote code execution occurs in Apache Solr

Remote code execution occurs in Apache Solr before versions 5.5.5, 6.6.2 and 7.1.0 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external...

CVSS 9.8 | AI score 7.6 | EPSS 0.91896
Exploits: 11 | References: 31

Cvelist
added 2018/02/08 3:0 p.m. | 22 views

CVE-2017-7351

A SQL injection issue exists in a file upload handler in REDCap 7.x before 7.0.11 via a trailing substring to SendITController:upload...

AI score 9 | EPSS 0.01192
Exploits: 0 | References: 1

OSV
added 2017/10/14 11:29 p.m. | 3 views

DEBIAN-CVE-2017-12629

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML extern...

CVSS 9.8 | AI score 8.9 | EPSS 0.91896
Exploits: 11 | References: 1

seebug.org
added 2017/02/09 12:0 a.m. | 35 views

Pear HTTP_Upload 1.0.0b3 - arbitrary file upload

Vulnerability description. Vulnerability impact: Pear HTTPUpload 1.0.0b3. Download: https://pear.php.net/manual/en/package.http.http-upload.php. Vulnerability type: arbitrary file upload. Pear HTTPUpload profile: Pear's HTTPUpload class library provides a good package of html form file upload handle...

AI score 7.3
Exploits: 0

CNVD
added 2016/09/23 12:0 a.m. | 3 views

WordPress plugin bordeaux theme upload shell vulnerability

WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An upload vulnerability exists in the WordPress plugin bordeaux theme, which can be exploited by an attacker ...

AI score 6.9
Exploits: 0 | References: 1

seebug.org
added 2014/07/01 12:0 a.m. | 26 views

WordPress Highlight Premium Theme - CSRF File Upload Vulnerability

No description provided by source. Title : Wordpress Highlight Premium Themes CSRF File Upload Vulnerability Author : DevilScreaM Date : 11/10/2013 - 10 November 2013 Category : Web Applications Type : PHP Vendor : http://themeforest.net Download :...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 26 views

WordPress Curvo Themes - CSRF File Upload Vulnerability

No description provided by source. Exploit Title: WordPress Curvo Themes CSRF File Upload Vulnerability Author: Byakuya Date: 10/26/2013 Vendor...

AI score 7.1
Exploits: 0