2040 matches found
WordPress plugin WP SVG Images security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress WP SVG Images plugin <= 4.2 - Authenticated Stored Cross-Site Scripting via SVG vulnerability
Authenticated Stored Cross-Site Scripting via SVG vulnerability discovered by Colin Xu in WordPress Plugin WP SVG images versions <= 4.2...
WordPress Branda plugin <= 3.4.17 - Authenticated Stored Cross-Site Scripting via SVG Upload vulnerability
Authenticated Stored Cross-Site Scripting via SVG Upload vulnerability discovered by wesley wcraft in WordPress Plugin Branda versions <= 3.4.17...
WordPress plugin SVGMagic security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability in...
WordPress Divi Torque Lite plugin <= 3.6.6 - Authenticated Stored Cross-Site Scripting via SVG Upload vulnerability
Authenticated Stored Cross-Site Scripting via SVG Upload vulnerability discovered by wesley wcraft in WordPress Plugin DiviTorque – Divi Theme, Divi Builder and Extra Theme versions <= 3.6.6...
The vulnerability of the PHP-SVG-Lib library for file analysis and rendering of vector graphics lies in improper external control of file names or paths, allowing attackers to execute arbitrary code.
The vulnerability of the php-svg-lib library for analyzing and rendering vector graphics is related to improper external manipulation of the file name or path. Exploiting this vulnerability could allow an attacker to execute arbitrary code with insufficient protection against attacks...
DEBIAN-CVE-2024-37383
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes...
UBUNTU-CVE-2024-37383
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes...
[SECURITY] Fedora 40 Update: qt5-qtsvg-5.15.14-1.fc40
Scalable Vector Graphics (SVG) is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and displaying SVG drawings in widgets and on other paint devices...
The vulnerability of the Ghost content management system, related to the lack of measures taken to protect the website structure, allows attackers to carry out XSS attacks.
The vulnerability of the Ghost content management system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks by sending a specially created malicious SVG file containing JavaScript code to port...
PT-2024-36493 · Alkacon · Opencms
Name of the Vulnerable Software and Affected Versions: Alkacon's OpenCMS version 16 Description: Two Cross-Site Scripting issues have been discovered in Alkacon's OpenCMS, which could allow a user with sufficient privileges to create and modify web pages through the admin panel to execute malicio...
PT-2024-36494 · Opencms · Opencms
Name of the Vulnerable Software and Affected Versions: OpenCMS version 16 Description: The issue allows a user with the roles of gallery editor or VFS resource manager to upload images in the .svg format containing JavaScript code. This code will be executed when another user accesses the image...
UBUNTU-CVE-2024-22641
TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file...
WordPress SVGMagic plugin <= 1.1 - Authenticated Stored XSS via SVG Upload vulnerability
Authenticated Stored XSS via SVG Upload vulnerability discovered by Rayhan Ramdhany Hanaputra in WordPress Plugin SVGMagic versions <= 1.1...
webkitgtk: Processing a file may lead to a denial of service or potentially disclose memory contents
A use-after-free vulnerability was found in the SVG implementation within WebKitGTK. This flaw allows remote attackers to exploit the removal of an SVGFontFaceElement object, which occurs through specific vectors that trigger the deletion of the object during rendering...
PT-2024-19734 · WordPress · The Fileorganizer – Manage Wordpress/Website Files
Name of the Vulnerable Software and Affected Versions: The FileOrganizer – Manage WordPress and Website Files plugin for WordPress versions up to, and including, 1.0.6 Description: The issue is related to Stored Cross-Site Scripting via svg file upload due to insufficient input sanitization and...
UBUNTU-CVE-2024-33103
DISPUTED: An arbitrary file upload vulnerability in the Media Manager component of DokuWiki 2024-02-06a allows attackers to execute arbitrary code by uploading a crafted SVG file. NOTE: as noted in the 4267 issue reference, there is a position that exploitability can only occur with a...
WordPress Cost Calculator Builder Pro plugin <= 3.1.67 - Unauthenticated Cross-Site Scripting via SVG Upload vulnerability
Unauthenticated Cross-Site Scripting via SVG Upload vulnerability discovered by andrea bocchetti in WordPress Plugin Cost Calculator Builder Pro versions <= 3.1.67...
DokuWiki security vulnerability
DokuWiki is an easy-to-use and versatile open source Wiki software. A security vulnerability exists in DokuWiki version 2024-02-06a, which stems from an arbitrary file upload vulnerability that allows an attacker to execute arbitrary code by uploading a crafted SVG file...
The vulnerability of JetBrains Toolbox’s tool set is related to uncontrolled resource consumption, allowing attackers to trigger service failures.
The vulnerability of the JetBrains Toolbox suite of tools is related to an uncontrolled consumption of resources. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failures using SVG images...