CVE-2024-24943
In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image...
JetBrains Toolbox Security Vulnerability
JetBrains Toolbox is a JetBrains product management application from JetBrains Czech Republic. A security vulnerability previously existed in the JetBrains Toolbox App version 2.2, which stemmed from a DoS attack that could be performed via a malicious SVG image...
PT-2024-14857 · B&R · B&R Automation Runtime
Name of the Vulnerable Software and Affected Versions: B&R Automation Runtime versions = G4.93 Description: A reflected cross-site scripting (XSS) vulnerability exists in the SVG version of System Diagnostics Manager that enables a remote attacker to execute arbitrary JavaScript code in the context...
WordPress plugin Easy SVG Allow security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
CVE-2024-22550
An arbitrary file upload vulnerability in the component /alsdemo/ss/mediam.cgi of ShopSite v14.0 allows attackers to execute arbitrary code via uploading a crafted SVG file...
PT-2024-19483 · Shopsite · Shopsite
Name of the Vulnerable Software and Affected Versions: ShopSite version 14.0 Description: An arbitrary file upload issue in the /alsdemo/ss/mediam.cgi component allows attackers to execute arbitrary code by uploading a crafted SVG file. Recommendations: For ShopSite version 14.0, consider disabli...
CVE-2024-23180
Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote...
PT-2024-19698 · Unknown · A-Blog Cms
Name of the Vulnerable Software and Affected Versions: a-blog cms versions prior to 3.1.7 a-blog cms versions prior to 3.0.29 a-blog cms versions prior to 2.11.58 a-blog cms versions prior to 2.10.50 a-blog cms version 2.9.0 and earlier Description: The issue is related to improper input...
a-blog cms security breach
a-blog cms is a Japanese content management system (CMS). A security vulnerability exists in a-blog cms versions before Ver.3.1.7, before Ver.3.0.29, before Ver.2.11.58, and before Ver.2.10.50, which can be exploited by an attacker to execute arbitrary code by uploading a specially crafted SVG file...
Webkul Software Bagisto Security Vulnerability
Webkul Software Bagisto is an open source e-commerce framework from Indian company Webkul Software. A security vulnerability exists in Webkul Software Bagisto v.1.5.0 and earlier versions, which stems from a cross-site scripting vulnerability that allows an attacker to execute arbitrary code via ...
PT-2023-30703 · Smartertools · Smartermail
Name of the Vulnerable Software and Affected Versions: SmarterTools SmarterMail versions 8495 through 8664 Description: The issue allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs because the application tries to allow youtube.com URLs, but actually allows...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Overview Affected versions of this package are vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'. An attacker with access to the backoffice can upload malicious SVG files containing scripts, which may be executed if another user is tricked into loadi...
PT-2023-31146 · Microsoft · Asp.Net
Name of the Vulnerable Software and Affected Versions: Umbraco versions 7.0.0 through 7.15.10 Umbraco versions 8.0.0 through 8.18.8 Umbraco versions 10.0.0 through 10.6.9 Umbraco versions 11.0.0 through 11.4.9 Umbraco versions 12.0.0 through 12.1.9 Description: Umbraco is an ASP.NET content...
CVE-2023-50465
A stored cross-site scripting (XSS) vulnerability exists in Monica (aka MonicaHQ) 4.0.0 via an SVG document uploaded by an authenticated user...
MonicaHQ Security Breach
MonicaHQ is a relationship management system from MonicaHQ, Inc. A security vulnerability exists in MonicaHQ version 4.0.0. An attacker can exploit this vulnerability to upload SVG documents that contain cross-site scripting vulnerabilities...
PT-2023-9161 · Ghost · Ghost
Name of the Vulnerable Software and Affected Versions: Ghost versions prior to 5.76.0 Description: The issue is related to the lack of protection of the web page structure, allowing a remote attacker to conduct a cross-site scripting (XSS) attack by sending a specially crafted malicious SVG file...
Cross-site Scripting (XSS)
Overview Squidex.ClientLibrary is a ClientLibrary for Squidex Headless CMS. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to an incomplete blacklist in the SVG inspection process. An attacker can inject malicious JavaScript via the SRC attribute of an IFRAME elemen...
squidex Cross-Site Scripting Vulnerability
squidex is a Headless CMS and content management center. A cross-site scripting vulnerability exists in Squidex versions prior to 7.9.0, which stems from the presence of an incomplete blacklist in the SVG check, and can be exploited by an attacker to conduct a cross-site scripting attack via the...
WordPress plugin Uploading SVG, WEBP and ICO files security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
October Cross-Site Scripting Vulnerability
October is an open source content management system (CMS) and web platform from October. A cross-site scripting vulnerability exists in October versions 3.0 through 3.5.2, which originates when SVG files are supported, and allows a user with access to the Media Manager, where SVG files are stored, ...