69 matches found
Vendure 跨站脚本漏洞
Vendure is a headless GraphQL eCommerce framework based on Node.js and Nest & TypeScript, focused on developer productivity and easy customization. version 0.1.0-alpha.2 to 1.5.1 of Vendure is vulnerable to a cross-site scripting vulnerability that stems from the program's lack of data validation...
GLPI 跨站脚本漏洞
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...
PT-2022-7407 · Glpi +2 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.0 Description: The issue is related to a lack of sanitization on SVG file uploads, allowing an attacker to inject javascript into a user's avatar. This can lead to a cross-site scripting attack when any user views...
CVE-2021-24960
The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 allows users with a role as low as Contributor to configure the upload form in a way that allows uploading of SVG files, which could be then be used for Cross-Site Scripting attacks...
Projeqtor 安全漏洞
Projeqtor is a PHP-based open source project management software from the Projeqtor community. The software is used to organize various functions required for multiple projects and is suitable for IT projects. A cross-site scripting vulnerability exists in Projeqtor 9.3.1 that allows an attacker ...
Alkacon OpenCms 代码问题漏洞
Alkacon OpenCms is an open source content management system CMS developed in Java.Alkacon OpenCms is vulnerable to an XML external entity vulnerability that can be exploited by attackers to steal files from the server's file system by uploading crafted SVG documents...
CVE-2020-36171
The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uploads...
ASUSTOR ADM cross-site scripting vulnerability (CNVD-2018-26928)
ASUSTOR ADM is a set of operating systems from ASUSTOR dedicated to ASUSTOR NAS storage devices.File Explorer is one of the file browsers. A cross-site scripting vulnerability exists in File Explorer in ASUSTOR ADM version 3.1.1, which can be exploited by remote attackers to execute JavaScript co...
CVE-2018-12305
Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript...