2040 matches found
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up a personal blog site on a server running PHP and MySQL. WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in WordPress WP S...
Pagekit Cross-Site Scripting Vulnerability
Pagekit is a modular, lightweight content management system (CMS). Pagekit has a cross-site scripting vulnerability, which stems from the fact that SVG files may contain malicious scripts that can be exploited by attackers to trigger XSS attacks...
CVE-2019-25046
The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11.x before 11.0.4 allows XSS via an SVG document...
PYSEC-2021-84
Plone through 5.2.4 allows stored XSS attacks by a Contributor by uploading an SVG or HTML document...
[SECURITY] Fedora 34 Update: autotrace-0.31.1-60.fc34
AutoTrace is a program for converting bitmaps to vector graphics. Supported input formats include BMP, TGA, PNM, PPM, and any format supported by ImageMagick, whereas output can be produced in Postscript, SVG, xfig, SWF, and others...
[SECURITY] Fedora 33 Update: batik-1.14-2.fc33
Batik is a Java™ technology-based toolkit for applications that want to use images in the Scalable Vector Graphics (SVG) format for various purposes, such as viewing, generation or manipulation...
Group Office CRM Cross-Site Scripting Vulnerability
Group Office CRM is a software application. Share projects, calendars, files and emails with colleagues and clients online. Easy to use and fully customizable. A cross-site scripting vulnerability exists in the Contacts page in Group Office CRM version 6.4.196. An attacker can exploit this...
Fedora: Security Advisory for qt5-qtsvg (FEDORA-2021-a95a40b78b)
The remote host is missing an update for the...
[SECURITY] Fedora 34 Update: batik-1.14-1.fc34
Batik is a Java™ technology-based toolkit for applications that want to use images in the Scalable Vector Graphics (SVG) format for various purposes, such as viewing, generation or manipulation...
[SECURITY] Fedora 33 Update: qt5-qtsvg-5.15.2-3.fc33
Scalable Vector Graphics (SVG) is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and displaying SVG drawings in widgets and on other paint devices...
CVE-2020-14988
An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML elements, the translations menu via the foldername parameter, the author page via the link URL, or the...
CVE-2021-27589
When a user opens manipulated Scalable Vector Graphics (.SVG) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application...
Design/Logic Flaw
When a user opens manipulated Scalable Vector Graphics (.SVG) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application...
PYSEC-2021-127
Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing a chart's related information. Abusing this functionality, a malicious user could inject JavaScript code that executes unwanted actions in the context of the user's browser. The...
The vulnerability of the library for working with SVG images in Apache Batik, related to incorrect processing of data in the “xlink:href” attribute, allows attackers to perform CSRF attacks.
The vulnerability of the Apache Batik library for working with SVG images is related to improper processing of data in the “xlink:href” attribute. Exploiting this vulnerability can allow a remote attacker to perform CSRF attacks using specially crafted GET requests...
CVE-2020-35852
Chatbox is affected by cross-site scripting (XSS). An attacker has to upload an XSS payload in an SVG or XML file in Chatbox. There is no restriction on file upload in Chatbox, which leads to stored XSS...
PT-2021-12850 · Squaredup · Squaredup
Name of the Vulnerable Software and Affected Versions: SquaredUp versions prior to 4.6.0 Description: The issue allows for Stored XSS attacks. A user can create a dashboard that executes malicious content in an iframe or by uploading an SVG that contains a script. Recommendations: For versions...
The vulnerability of the SVG markup language implementation in Mozilla Firefox browsers allows attackers to compromise data integrity.
The vulnerability of the SVG markup language implementation in Mozilla Firefox’s browser is related to the lack of a mechanism for checking the tags. These tags can, in turn, utilize tags. Exploiting this vulnerability could allow an attacker to compromise the integrity of data...