
69 matches found

CNNVD
added 2022/05/02 12:0 a.m. · 4 views

Vendure cross-site scripting vulnerability

Vendure is a headless GraphQL eCommerce framework based on Node.js and Nest & TypeScript, focused on developer productivity and easy customization. Versions 0.1.0-alpha.2 to 1.5.1 of Vendure are vulnerable to a cross-site scripting vulnerability that stems from the program's lack of data validation...

CVSS 5.4 · AI score 5.3 · EPSS 0.00588
Exploits: 1 · References: 4
CNNVD
added 2022/04/21 12:0 a.m. · 4 views

GLPI cross-site scripting vulnerability

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...

CVSS 7.3 · AI score 7.3 · EPSS 0.00597
Exploits: 0 · References: 4
Positive Technologies
added 2022/04/21 12:0 a.m. · 4 views

PT-2022-7407 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.0

Description: The issue is related to a lack of sanitization on SVG file uploads, allowing an attacker to inject JavaScript into a user's avatar. This can lead to a cross-site scripting attack when any user views...

CVSS 10 · AI score 6 · EPSS 0.99628
Exploits: 40 · References: 201
OSV
added 2022/03/07 9:15 a.m. · 4 views

CVE-2021-24960

The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 allows users with a role as low as Contributor to configure the upload form in a way that allows uploading of SVG files, which could then be used for Cross-Site Scripting attacks...

CVSS 5.4 · AI score 5.8 · EPSS 0.0077
Exploits: 2 · References: 2
CNNVD
added 2022/02/11 12:0 a.m. · 5 views

Projeqtor security vulnerability

Projeqtor is a PHP-based open source project management software from the Projeqtor community. The software is used to organize various functions required for multiple projects and is suitable for IT projects. A cross-site scripting vulnerability exists in Projeqtor 9.3.1 that allows an attacker ...

CVSS 9.9 · AI score 8 · EPSS 0.01085
Exploits: 1 · References: 3
CNNVD
added 2021/10/08 12:0 a.m. · 6 views

Alkacon OpenCms code issue vulnerability

Alkacon OpenCms is an open source content management system (CMS) developed in Java. Alkacon OpenCms is vulnerable to an XML external entity vulnerability that can be exploited by attackers to steal files from the server's file system by uploading crafted SVG documents...

CVSS 6.5 · AI score 6.5 · EPSS 0.01249
Exploits: 1 · References: 3
OSV
added 2021/01/06 3:15 p.m. · 4 views

CVE-2020-36171

The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uploads...

CVSS 6.1 · AI score 6.4 · EPSS 0.00819
Exploits: 0 · References: 1
CNVD
added 2018/12/05 12:0 a.m. · 3 views

ASUSTOR ADM cross-site scripting vulnerability (CNVD-2018-26928)

ASUSTOR ADM is a set of operating systems from ASUSTOR dedicated to ASUSTOR NAS storage devices. File Explorer is one of the file browsers. A cross-site scripting vulnerability exists in File Explorer in ASUSTOR ADM version 3.1.1, which can be exploited by remote attackers to execute JavaScript co...

CVSS 6.1 · AI score 6.5 · EPSS 0.00692
Exploits: 1 · References: 1
OSV
added 2018/12/04 5:29 p.m. · 5 views

CVE-2018-12305

Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript...

CVSS 6.1 · AI score 5.8 · EPSS 0.00692
Exploits: 1 · References: 1