82 matches found
Nextcloud 跨站脚本漏洞
Nextcloud Contacts is the user interface for Nextcloud's CardDAV server. A cross-site scripting vulnerability exists in Nextcloud Contacts 3.3.0. The vulnerability stems from a missing file type check. An attacker can exploit this vulnerability by uploading a malicious SVG file to conduct a...
Concrete5 Cross-Site Scripting Vulnerability (CNVD-2019-18846)
concrete5 is an open source content management system CMS for publishing content on the World Wide Web and intranet. A cross-site scripting vulnerability exists in Concrete5 8.4.3. The vulnerability stems from config/concrete.php allowing the upload of SVG files that may contain HTML data with...