
2040 matches found

RedHat Linux
added 2022/03/14 10:7 a.m. · 4 views

Mozilla: Use-after-free in text reflows

The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have caused a use-after-free issue by forcing a text reflow in an SVG object, leading to a potentially exploitable crash...

CVSS 8.8 · AI score 7.3 · EPSS 0.0019
Exploits: 1 · References: 6

CNNVD
added 2022/03/14 12:0 a.m. · 2 views

Zenario CMS Cross-Site Scripting Vulnerability

Zenario CMS is a Zenario open source application that provides a web-based content management system. A security vulnerability exists in Zenario CMS version 9.0.54156, which stems from the fact that uploading .SVG files is vulnerable to cross-site scripting. An attacker can send a...

CVSS 4.8 · AI score 4.7 · EPSS 0.00219
Exploits: 1 · References: 2

CNNVD
added 2022/03/14 12:0 a.m. · 1 views

Sylius Cross-Site Scripting Vulnerability

Sylius is an open source e-commerce platform. Sylius suffers from a cross-site scripting vulnerability that could be exploited by attackers to upload SVG files containing XSS code in the administration panel to obtain user cookies and construct phishing attacks...

CVSS 6.1 · AI score 5.3 · EPSS 0.00308
Exploits: 1 · References: 6

RedHat Linux
added 2022/03/10 4:37 p.m. · 1 views

Mozilla: Use-after-free in text reflows

The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have caused a use-after-free issue by forcing a text reflow in an SVG object, leading to a potentially exploitable crash...

CVSS 8.8 · AI score 7.3 · EPSS 0.0019
Exploits: 1 · References: 6

RedHat Linux
added 2022/03/10 3:29 p.m. · 4 views

Mozilla: Use-after-free in text reflows

The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have caused a use-after-free issue by forcing a text reflow in an SVG object, leading to a potentially exploitable crash...

CVSS 8.8 · AI score 7.3 · EPSS 0.0019
Exploits: 1 · References: 6

RedHat Linux
added 2022/03/10 3:22 p.m. · 5 views

Mozilla: Use-after-free in text reflows

The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have caused a use-after-free issue by forcing a text reflow in an SVG object, leading to a potentially exploitable crash...

CVSS 8.8 · AI score 7.3 · EPSS 0.0019
Exploits: 1 · References: 6

RedHat Linux
added 2022/03/10 3:9 p.m. · 1 views

Mozilla: Use-after-free in text reflows

The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have caused a use-after-free issue by forcing a text reflow in an SVG object, leading to a potentially exploitable crash...

CVSS 8.8 · AI score 7.3 · EPSS 0.0019
Exploits: 1 · References: 6

OSV
added 2022/03/09 6:28 p.m. · 3 views

DRUPAL-CONTRIB-2022-028

SVG Formatter module provides support for using SVG images on your website. Our dependency library enshrined/svg-sanitize has a cross-site scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with permission that enables them to upload SVG images...

AI score 6.3
Exploits: 0 · References: 1

CNNVD
added 2022/03/08 12:0 a.m. · 1 views

Mozilla Firefox Resource Management Error Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox, which originates from a mix-up in instructions responsible for freeing memory when processing HTML content, and can be exploited by remote attackers ...

CVSS 8.8 · AI score 8.9 · EPSS 0.0019
Exploits: 1 · References: 30

OSV
added 2022/03/07 9:15 a.m. · 2 views

CVE-2021-24960

The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 allows users with a role as low as Contributor to configure the upload form in a way that allows uploading of SVG files, which could then be used for Cross-Site Scripting attacks...

CVSS 5.4 · AI score 5.8 · EPSS 0.00253
Exploits: 2 · References: 2

OSV
added 2022/03/03 10:15 p.m. · 3 views

CVE-2022-23051

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svgfile' parameter...

CVSS 5.4 · AI score 6.1 · EPSS 0.00221
Exploits: 1 · References: 2

CNNVD
added 2022/03/03 12:0 a.m. · 3 views

PeTeReport Cross-Site Scripting Vulnerability

PeTeReport is an open source application vulnerability reporting tool. PeTeReport has a cross-site scripting vulnerability that stems from the software's lack of filtering and escaping of user data, which could be exploited by an attacker to inject persistent JavaScript code through an...

CVSS 5.4 · AI score 5.3 · EPSS 0.00221
Exploits: 1 · References: 3

ATTACKERKB
added 2022/02/15 4:15 p.m. · 3 views

CVE-2022-24588

Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function...

CVSS 5.4 · AI score 5.9 · EPSS 0.00206
Exploits: 1 · References: 3

Positive Technologies
added 2022/02/15 12:0 a.m. · 4 views

PT-2022-16740 · Flatpress · Flatpress

Name of the Vulnerable Software and Affected Versions: Flatpress version 1.2.1. Description: A cross-site scripting (XSS) issue was found in the Upload SVG File function. This could potentially allow attackers to inject malicious scripts into websites. Recommendations: For Flatpress version 1.2.1,...

CVSS 5.4 · AI score 5.2 · EPSS 0.00206
Exploits: 1 · References: 5

CNNVD
added 2022/02/15 12:0 a.m. · 3 views

FlatPress Cross-Site Scripting Vulnerability

FlatPress is a PHP-based blog builder with no database support from the FlatPress community. A cross-site scripting vulnerability exists in FlatPress v1.2.1, which stems from the discovery of a cross-site scripting (XSS) vulnerability in the Upload SVG File function...

CVSS 5.4 · AI score 5.4 · EPSS 0.00206
Exploits: 1 · References: 2

OSV
added 2022/02/11 4:15 p.m. · 2 views

CVE-2021-42940

A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload an SVG file containing malicious JavaScript code...

CVSS 9.9 · AI score 5.8 · EPSS 0.00485
Exploits: 1 · References: 2

CNNVD
added 2022/02/11 12:0 a.m. · 3 views

Projeqtor Security Vulnerability

Projeqtor is a PHP-based open source project management software from the Projeqtor community. The software is used to organize various functions required for multiple projects and is suitable for IT projects. A cross-site scripting vulnerability exists in Projeqtor 9.3.1 that allows an attacker ...

CVSS 9.9 · AI score 8 · EPSS 0.00485
Exploits: 1 · References: 3

CNNVD
added 2022/02/08 12:0 a.m. · 1 views

Studio 42 elFinder Cross-Site Scripting Vulnerability

Studio 42 elFinder is an open source web file manager that uses jQuery and jQuery UI and is written in JavaScript. A cross-site scripting vulnerability exists in Studio 42 elFinder that stems from the product's failure to securely handle SVG document data. The vulnerability can be exploited to...

CVSS 5.4 · AI score 5.5 · EPSS 0.00334
Exploits: 1 · References: 1

CNNVD
added 2022/02/04 12:0 a.m. · 2 views

Xwiki Platform Cross-Site Scripting Vulnerability

Xwiki Platform is a wiki platform for creating web collaboration applications from the French company Xwiki. Xwiki Platform is vulnerable to cross-site scripting, which can be exploited to upload SVGs containing scripts executed when performing download operations on files when using the default...

CVSS 5.4 · AI score 5.3 · EPSS 0.00464
Exploits: 1 · References: 5

OSV
added 2022/01/26 12:15 p.m. · 1 views

DEBIAN-CVE-2021-44118

SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated attacker to inject malicious code running on the client side into web pages visited by other users (stored XSS)...

CVSS 5.4 · AI score 5.5 · EPSS 0.00278
Exploits: 0 · References: 1