17 matches found
dify security vulnerability
dify is an open-source LLM application development platform by LangGenius. Versions of dify prior to 1.14.1 have a security vulnerability. This vulnerability stems from an authorization bypass issue in the file preview endpoint, which allows any authenticated user to read the first 3,000 characte...
EUVD-2019-9116
Malware in sbrugna...
CVE-2022-36677
Obsidian Mind Map v1.1.0 allows attackers to execute arbitrary code via a crafted payload injected into an uploaded document...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the upload functionality. An attacker can inject malicious scripts or execute arbitrary code by uploading a crafted PDF file containing JavaScript. Details: Cross-site scripting or XSS is a code vulnerability...
BIT-ALFRESCO-2020-8778
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 rb65251d6-b368 has XSS via an uploaded document, when the attacker has write access to a project...
CVE-2022-36677
Obsidian Mind Map v1.1.0 allows attackers to execute arbitrary code via a crafted payload injected into an uploaded document...
CVE-2022-36677
Obsidian Mind Map v1.1.0 allows attackers to execute arbitrary code via a crafted payload injected into an uploaded document...
Code injection
Obsidian Mind Map v1.1.0 allows attackers to execute arbitrary code via a crafted payload injected into an uploaded document...
CVE-2022-36677
Obsidian Mind Map v1.1.0 allows attackers to execute arbitrary code via a crafted payload injected into an uploaded document...
CVE-2022-36677
Obsidian Mind Map v1.1.0 allows attackers to execute arbitrary code via a crafted payload injected into an uploaded document...
CVE-2019-16955
SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request...
Unspecified Vulnerability in Canon Oce Colorwave 500
The Canon Oce Colorwave 500 is a printer from Canon Japan. An authentication bypass vulnerability exists in the /home.jsp page of the web application in the Canon Oce Colorwave 500 version 4.0.0.0. An attacker can exploit this vulnerability to obtain a backup file of a document uploaded by an...
CVE-2018-19599
Monstra CMS 1.6 allows XSS via an uploaded SVG document to the admin/index.php?id=filesmanager&path=uploads/ URI. NOTE: this is a discontinued product...
CVE-2020-8778
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 rb65251d6-b368 has XSS via an uploaded document, when the attacker has write access to a project...
CVE-2020-8778
CVE-2020-8778 affects Alfresco Enterprise prior to 5.2.7 and Alfresco Community prior to 6.2.0, where an attacker with write access to a project can trigger a stored XSS via an uploaded document. Public references describe the issue as a cross‑site scripting vulnerability in the document upload w...
PT-2020-20270 · Alfresco · Alfresco Community +1
Name of the Vulnerable Software and Affected Versions: Alfresco Enterprise versions prior to 5.2.7; Alfresco Community versions prior to 6.2.0 rb65251d6-b368. Description: The issue allows for cross-site scripting (XSS) attacks via an uploaded document. This can occur when an attacker has write acces...
PT-2019-15858 · Alfresco · Alfresco Enterprise
Name of the Vulnerable Software and Affected Versions: Alfresco Enterprise versions prior to 5.2.5. Description: The issue allows for stored XSS via an uploaded HTML document. This means an attacker can upload a malicious HTML file to the system, which can then execute scripts on the user's browse...