Lucene search

2054 matches found

NVD
added 2025/08/25 7:15 a.m. · 4 views

CVE-2025-54300

A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. The SVG upload feature does not sanitize uploads...

8.5 CVSS · 0.00293 EPSS
Exploits 0 · References 1
CVE
added 2025/08/25 6:54 a.m. · 10 views

CVE-2025-54300

CVE-2025-54300 affects the Quantum Manager component for Joomla, versions 1.0.0–3.2.0. The root cause is an unsanitized SVG upload mechanism that allows stored XSS. The CVSS 4.0 vector indicates Network access, high impact on confidentiality and availability, and user interaction not required but...

8.5 CVSS · 6.1 AI score · 0.00293 EPSS
Exploits 0 · References 1
SUSE Linux
added 2025/08/25 6:20 a.m. · 4 views

Security update for libqt4

This update for libqt4 fixes the following issues: CVE-2021-45930: Fixed out-of-bounds write leading to DoS (bsc#1196654); CVE-2023-32573: Fixed missing initialization of QtSvg QSvgFont m_unitsPerEm (bsc#1211298); CVE-2023-32763: Fixed buffer overflow on QTextLayout during rendering of an SVG file with an...

7.8 CVSS · 7.2 AI score · 0.01343 EPSS
Exploits 2 · References 38
Positive Technologies
added 2025/08/25 12:00 a.m. · 2 views

PT-2025-34597 · Joomla +1 · Joomla! +1

Name of the Vulnerable Software and Affected Versions: Quantum Manager versions 1.0.0 through 3.2.0. Description: A stored cross-site scripting (XSS) issue was identified in the Quantum Manager component for Joomla. The SVG upload feature does not properly sanitize uploaded files, allowing for the...

8.5 CVSS · 5.8 AI score · 0.00293 EPSS
Exploits 0 · References 8
Tenable Nessus
added 2025/08/25 12:00 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2017-6820

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS)...

6.1 CVSS · 6.5 AI score · 0.01293 EPSS
Exploits 1 · References 2
Tenable Nessus
added 2025/08/25 12:00 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2018-6561

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element. (CVE-2018-6561) Note that Nessus relies on the presence of the package as...

6.1 CVSS · 6.7 AI score · 0.0115 EPSS
Exploits 1 · References 2
Tenable Nessus
added 2025/08/24 12:00 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2018-19206

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of , as demonstrated by an onload attribute in a BODY element, within an HTML attachment...

6.1 CVSS · 6 AI score · 0.60162 EPSS
Exploits 0 · References 2
RedhatCVE
added 2025/08/23 4:16 p.m. · 6 views

CVE-2025-55742

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, UnoPim contains a stored cross-site scripting vulnerability via SVG MIME/sanitizer bypass in the /admin/settings/users/create endpoint. This vulnerability is fixed in 0.2.1...

8 CVSS · 5.5 AI score · 0.00345 EPSS
Exploits 1 · References 1
Tenable Nessus
added 2025/08/22 12:00 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2018-19882

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and...

5.5 CVSS · 5.6 AI score · 0.01425 EPSS
Exploits 1 · References 2
NVD
added 2025/08/21 4:15 p.m. · 4 views

CVE-2025-55742

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, UnoPim contains a stored cross-site scripting vulnerability via SVG MIME/sanitizer bypass in the /admin/settings/users/create endpoint. This vulnerability is fixed in 0.2.1...

8 CVSS · 0.00345 EPSS
Exploits 1 · References 4
Vulnrichment
added 2025/08/21 3:36 p.m. · 2 views

CVE-2025-55742 UnoPim Stored XSS via SVG MIME/Sanitizer Bypass

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, UnoPim contains a stored cross-site scripting vulnerability via SVG MIME/sanitizer bypass in the /admin/settings/users/create endpoint. This vulnerability is fixed in 0.2.1...

8 CVSS · 6.2 AI score · 0.00345 EPSS
Exploits 1 · References 4
CVE
added 2025/08/21 3:36 p.m. · 26 views

CVE-2025-55742

CVE-2025-55742 concerns UnoPim, a Laravel-based open-source PIM. The vulnerability is a stored XSS in the user-creation endpoint (/admin/settings/users/create) caused by an SVG MIME/sanitizer bypass. It affects UnoPim versions before 0.2.1 and is fixed in 0.2.1. The issue arises from insufficient ...

8 CVSS · 6.2 AI score · 0.00345 EPSS
Exploits 1 · References 4 · Affected Software 1
Snyk
added 2025/08/21 2:25 p.m. · 1 view

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the user creation process via the /admin/settings/users/create endpoint, where file uploads are insufficiently sanitized due to improper MIME type validation. An attacker can execute arbitrary JavaScript in t...

8.6 CVSS · 5.5 AI score · 0.00345 EPSS
Exploits 1 · References 2
RedhatCVE
added 2025/08/21 12:26 a.m. · 16 views

CVE-2025-51489

A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version 3.12.5, allowing remote attackers to upload a malicious SVG file when creating/updating an Article and correctly execute arbitrary JavaScript when the file link is opened...

5.4 CVSS · 6 AI score · 0.0032 EPSS
Exploits 2 · References 1
CNNVD
added 2025/08/21 12:00 a.m. · 3 views

UnoPim Cross-Site Scripting Vulnerability

UnoPim is an open source Product Information Management (PIM) system based on the Laravel framework by UnoPim Open Source. A cross-site scripting vulnerability exists in UnoPim versions prior to 0.2.1, which stems from a stored cross-site scripting vulnerability that could lead to bypassing SVG MIM...

8 CVSS · 5.6 AI score · 0.00345 EPSS
Exploits 1 · References 5
Positive Technologies
added 2025/08/21 12:00 a.m. · 5 views

PT-2025-34235 · Unopim +1 · Unopim +1

Name of the Vulnerable Software and Affected Versions: UnoPim versions prior to 0.2.1. Description: UnoPim, an open-source Product Information Management (PIM) system built on the Laravel framework, contains a stored cross-site scripting vulnerability. The vulnerability is due to an SVG MIME/sanitiz...

8 CVSS · 6 AI score · 0.00345 EPSS
Exploits 1 · References 12
Redos
added 2025/08/21 12:00 a.m. · 7 views

ROS-20250821-08

A vulnerability in the TCPDF PHP library is related to reading arbitrary files from the server's file system via the src tag. Exploitation of the vulnerability could allow an attacker to gain access to sensitive information. information Vulnerability in TCPDF PHP library is related to improper...

7.5 CVSS · 8.4 AI score · 0.01325 EPSS
Exploits 3
Tenable Nessus
added 2025/08/21 12:00 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-29881

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE's content loading and content inserting code. A S...

6.1 CVSS · 5.7 AI score · 0.00722 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2025/08/20 12:00 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-23519

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain...

7.2 CVSS · 6.6 AI score · 0.00988 EPSS
Exploits 1 · References 2
Tenable Nessus
added 2025/08/20 12:00 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-26381

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash. This vulnerability affects...

8.8 CVSS · 7.5 AI score · 0.00842 EPSS
Exploits 1 · References 2