CVE-2024-3344
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file upload in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for...
PT-2024-25261 · WordPress · The Otter Blocks – Gutenberg Blocks
Name of the Vulnerable Software and Affected Versions: The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress versions up to, and including, 2.6.8 Description: The issue is related to Stored Cross-Site Scripting via SVG file upload due to insufficient...
PT-2024-19651 · WordPress · Revslider
Name of the Vulnerable Software and Affected Versions: Revslider plugin for WordPress versions up to, and including, 6.6.20 Description: The issue is related to Stored Cross-Site Scripting via svg upload due to insufficient input sanitization and output escaping. This allows authenticated attacke...
PT-2024-21998 · Unknown · Huly Platform
Name of the Vulnerable Software and Affected Versions: Huly Platform version 0.6.202 Description: The issue allows attackers to execute arbitrary code via the upload of a crafted SVG file to issues, which is a result of a Cross Site Scripting vulnerability. Recommendations: For Huly Platform...
Piccolo Security Vulnerability
Piccolo is a fast, user-friendly ORM and query builder from Piccolo Open Source. A security vulnerability exists in Piccolo Admin prior to version 1.3.2, which stems from the fact that Piccolo's admin panel allows uploading of media files, which can be exploited by an attacker to upload an SVG...
PT-2024-23295 · Unknown · Piccolo Admin
Name of the Vulnerable Software and Affected Versions: Piccolo Admin versions prior to 1.3.2 Description: The issue concerns the Piccolo Admin interface, which allows media file uploads, including SVG files by default. An attacker can upload a malicious SVG file, which, when loaded, can provide...
CVE-2024-29273
There is Stored Cross-Site Scripting XSS in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG document...
Debian dsa-5642 : php-dompdf-svg-lib - security update
The remote Debian 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5642 advisory. Debian Security Advisory DSA-5642-1...
WordPress Scalable Vector Graphics (SVG) Plugin <= 3.4 is vulnerable to Cross Site Scripting (XSS)
Software: Scalable Vector Graphics (SVG) | Type: Plugin | Vulnerable versions: <= 3.4 | Fixed in: N/A | OWASP Top 10: A7 Cross-Site Scripting (XSS) | Classification: Cross-Site Scripting (XSS) | CVE: CVE-2023-7085 | Patch priority: Low | CVSS severity: Low (5.9) | Developer: Claim ownership | PSID: 893df7114366 | Credits: Bob Matyas...
CVE-2023-7085
The Scalable Vector Graphics SVG WordPress plugin through 3.4 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
CVE-2023-7085 Scalable Vector Graphics (SVG) <= 3.4 - Author+ Stored XSS via SVG
The Scalable Vector Graphics SVG WordPress plugin through 3.4 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
batik: Server-Side Request Forgery vulnerability
A flaw was found in Apache Batik 1.0 - 1.16. This issue occurs due to a malicious SVG triggering external resources loading by default, causing resource consumption or in some cases information disclosure...
WordPress Plugin Scalable Vector Graphics Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP that supports personal blogs on PHP and MySQL servers. A WordPress plugin is an...
PT-2024-15207 · WordPress · Scalable Vector Graphics
Name of the Vulnerable Software and Affected Versions: Scalable Vector Graphics SVG WordPress plugin versions through 3.4 Description: The issue arises from the Scalable Vector Graphics SVG WordPress plugin's failure to sanitize uploaded SVG files. This could allow users with a role as low as...
Fedora: Security Advisory for batik (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the... Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders...
[SECURITY] Fedora 40 Update: batik-1.14-13.fc40
Batik is a Java(TM) technology based toolkit for applications that want to use images in the Scalable Vector Graphics (SVG) format for various purposes, such as viewing, generation or manipulation...
Huly Platform Security Vulnerability
Huly Platform is an open source all-in-one project management platform. A security vulnerability exists in hcengineering Huly Platform version v0.6.202. An attacker can exploit the vulnerability by uploading a specially crafted SVG file to run arbitrary code...
Arbitrary Code Execution
phenx/php-svg-lib is vulnerable to Arbitrary Code Execution. The vulnerability is due to a lack of validation of the font-family attribute. An attacker can have the library parse a Scalable Vector Graphics (SVG) file containing a PHAR URL within the font-family attribute, potentially leading to arbitrary code execution...
Scalable Vector Graphics (SVG) <= 3.4 - Author+ Stored XSS via SVG
Description: The plugin does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. PoC: Upload an SVG with the following code: Access the uploaded file directly to see the XSS...