69 matches found
Contao 跨站脚本漏洞
Contao is Contao open source a set of open source content management system CMS developed using PHP. The system supports search engines, rights management, and CSS frameworks. Contao suffers from a cross-site scripting vulnerability that stems from the fact that users can upload SVG files...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper handling of SVG uploads. An attacker can inject malicious scripts and potentially redirect users to malicious websites by uploading specially crafted SVG files. Details Cross-site scripting or XS...
CVE-2024-13379
The C9 Admin Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and...
WordPress GoodLayers Core plugin < 2.1.3 - Subscriber+ Stored XSS via SVG Upload vulnerability
Subscriber+ Stored XSS via SVG Upload vulnerability discovered by Amine SAJID in WordPress Plugin Goodlayers Core versions 2.1.3...
PT-2024-39722 · WordPress · Wp Shapes
Name of the Vulnerable Software and Affected Versions: WP SHAPES plugin for WordPress versions up to, and including, 1.0.0 Description: The issue is related to stored Cross-Site Scripting via SVG file uploads due to insufficient input sanitization and output escaping. This allows authenticated...
PT-2024-16752 · WordPress · The Support Svg – Upload Svg Files In Wordpress Without Hassle
Name of the Vulnerable Software and Affected Versions: The Support SVG – Upload svg files in wordpress without hassle plugin for WordPress versions up to, and including, 1.1.0 Description: The issue is related to Stored Cross-Site Scripting via REST API SVG File uploads due to insufficient input...
PT-2024-10981 · Chatwoot · Chatwoot
Name of the Vulnerable Software and Affected Versions: chatwoot/chatwoot versions prior to 2.6 Description: A stored cross-site scripting XSS vulnerability was discovered, affecting the profile settings when a user uploads an SVG file containing a malicious XSS payload. When the avatar is opened ...
PT-2024-15977 · WordPress · Pjw Mime Config
Name of the Vulnerable Software and Affected Versions: PJW Mime Config plugin for WordPress version 1.0 and earlier Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated attackers...
CVE-2024-9674
The Debrandify · Remove or Replace WordPress Branding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2024-9373
The Elemenda plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...
CVE-2024-9072
The GDPR-Extensions-com – Consent Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2024-39399 · WordPress · Elementor Inline Svg
Name of the Vulnerable Software and Affected Versions: Elementor Inline SVG plugin for WordPress version 1.2.0 and earlier Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated...
CVE-2024-9271
The Re:WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to injec...
PT-2024-39470 · WordPress · Demo Importer Plus
Name of the Vulnerable Software and Affected Versions: Demo Importer Plus plugin for WordPress versions up to, and including, 2.0.1 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows...
PT-2024-39527 · WordPress · Relogo
Name of the Vulnerable Software and Affected Versions: Relogo plugin for WordPress versions up to, and including, 0.4.2 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated...
PT-2024-37875 · WordPress · Jeg Elementor Kit
Name of the Vulnerable Software and Affected Versions: Jeg Elementor Kit plugin for WordPress versions up to, and including, 2.6.7 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows...
PT-2024-26957 · WordPress · Webp & Svg Support
Name of the Vulnerable Software and Affected Versions: WebP & SVG Support WordPress plugin versions prior to 1.4.1 Description: The issue concerns the WebP & SVG Support WordPress plugin, which fails to properly sanitise uploaded SVG files. This could allow users with a role as low as Author to...
PT-2022-25291 · WordPress · Svg Support
Name of the Vulnerable Software and Affected Versions: SVG Support plugin for WordPress versions 2.5 through 2.5.1 Description: The SVG Support plugin for WordPress defaults to insecure settings, allowing authenticated attackers with author-level privileges and higher to upload malicious SVG file...
Claroline 跨站脚本漏洞
Claroline is an open source learning management system from Claroline Open Source. A security vulnerability exists in Claroline version 13.5.7 and earlier versions, which stems from a cross-site scripting XSS attack via SVG file uploads...
PT-2022-23849 · Claroline · Claroline
Name of the Vulnerable Software and Affected Versions: Claroline versions prior to 13.5.8 Description: The issue is related to Cross Site Scripting XSS via SVG file upload. This means an attacker could potentially inject malicious scripts into the system by uploading specially crafted SVG files...