Lucene search
K

5 matches found

Prion
Prion
added 2024/01/19 5:15 a.m.14 views

Design/Logic Flaw

SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js...

5.8CVSS5.9AI score0.00441EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/19 7:56 p.m.11 views

CVE-2023-3722 Avaya Aura Device Services Remote Code Execution

An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aura Device Services version 8.1.4.0 and earlier...

8.6CVSS8.2AI score0.03334EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/08/29 12:0 a.m.6 views

ZOHO ManageEngine Log360 代码问题漏洞

ZOHO ManageEngine Log360 is an integrated log management and Active Directory auditing and alerting solution from ZOHO USA. The solution helps you mitigate security threats, detect persistent attack attempts, detect suspicious user activity, and comply with regulatory requirements.An input...

9.8CVSS6.1AI score0.07013EPSS
Exploits0References1
Prion
Prion
added 2014/09/04 10:55 a.m.14 views

Cross site scripting

Cross-site scripting XSS vulnerability in IBM Business Process Manager BPM 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.0.x allows remote authenticated users to inject arbitrary web script or HTML via an uploaded file...

3.5CVSS5.5AI score0.00936EPSS
Exploits0References3Affected Software2
NVD
NVD
added 2014/02/14 7:55 p.m.28 views

CVE-2013-7032

Multiple cross-site scripting XSS vulnerabilities in the web based operator client in LiveZilla before 5.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the 1 name of an uploaded file or 2 customer name in a resource created from an uploaded file, a different vulnerability...

4.3CVSS5.6AI score0.01792EPSS
Exploits0References4
Rows per page
Query Builder