CVE-2025-27850

The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links when serving content. No mechanisms to restrict those link targets to a specific area of the...

Sonatype Nexus Repository 跨站脚本漏洞

Sonatype Nexus Repository is a repository manager developed by Sonatype, Inc. in the United States. It is primarily used for managing, storing, and distributing software, etc. Versions of Sonatype Nexus Repository from 3.6.0 to 3.92.0 contained a cross-site scripting vulnerability. This...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to the lack of a security header on certain user-uploaded content served from repositories. An attacker can execute arbitrary scripts in the context of another user by uploading specially crafted content and...

CVE-2025-13488

The CVE-2025-13488 entry concerns Sonatype Nexus Repository 3 where a regression in version 3.83.0 stops applying a security header to certain user-uploaded content served from repositories, enabling stored XSS with user context. Affected component is the Nexus Repository 3 plugin chain handling ...

PT-2025-49112

Due to a regression introduced in version 3.83.0, a security header is no longer applied to certain user-uploaded content served from repositories. This may allow an authenticated attacker with repository upload privileges to exploit a stored cross-site scripting XSS vulnerability with user conte...

WSO2多款产品 安全漏洞

WSO2 API Manager and other products are products of WSO2 Corporation, USA.WSO2 API Manager is a set of API lifecycle management solution.WSO2 Identity Server IS is an identity server.WSO2 Enterprise Integrator is a set of open source hybrid integration platform. A security vulnerability exists in...

GHSA-4WX8-5GM2-2J97 filebrowser allows Stored Cross-Site Scripting through the Markdown preview function

Summary The Markdown preview function of File Browser v2.32.0 is vulnerable to Stored Cross-Site-Scripting XSS. Any JavaScript code that is part of a Markdown file uploaded by a user will be executed by the browser Impact A user can upload a malicious Markdown file to the application which can...

Cross Site Scripting(XSS)

camaleoncms is vulnerable to cross-site scripting XSS. The vulnerability is due to the ability for normal registered users to upload SVG images containing JavaScript or HTML documents by manipulating the format parameter, allowing malicious scripts to execute when an authenticated user or...

Open edX Platform 安全漏洞

Open edX Platform is an open source course management system CMS from Open edX Open Source. The system can be used for MOOCs Massive Open Online Courses as well as smaller courses and training modules. A security vulnerability exists in Open edX Platform that stems from the fact that for certain...

CVE-2023-6070

A server-side request forgery vulnerability in ESM prior to version 11.6.8 allows a low privileged authenticated user to upload arbitrary content, potentially altering configuration. This is possible through the certificate validation functionality where the API accepts uploaded content and doesn...

USN-4758-1 golang-1.10, golang-1.14 vulnerability

It was discovered that Go applications incorrectly handled uploaded content. If a user were tricked into visiting a malicious page, a remote attacker could exploit this with a crafted file to conduct cross-site scripting XSS attacks...

CVE-2020-1255

An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service BITS IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'...

CVE-2020-1112

An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service BITS IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'...

Privilege escalation

An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service BITS IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'...

joola.io: X-Content-Type-Options header missing

Hello Team The doesn't have a header settings for X-Content-Type Options which means it is vulnerable to MIME sniffing. The only defined value, "nosniff", prevents Internet Explorer and Google Chrome from MIME-sniffing a response away from the declared content-type. This also applies to Google...