68 matches found
VvvebJs <= 2.0.5 - Cross-Site Scripting
Givanz Vvvebjs = 2.0.5 contains a stored XSS caused by manipulation of the "uploadAllowExtensions" argument in upload.php File Upload Endpoint, letting remote attackers execute scripts, exploit requires crafted input. id: CVE-2026-5615 info: name: VvvebJs = 2.0.5 - Cross-Site Scripting author:...
VvvebJs < 1.7.5 - Arbitrary File Upload
Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName parameter in save.php. id: CVE-2024-29272 info: name: VvvebJs 1.7.5 - Arbitrary File Upload author: s4e-...
Exploit for CVE-2026-5615
CVE-2026-5615 — VvvebJs Stored Cross-Site Scripting RXSS...
CVE-2026-5615
A weakness has been identified in givanz Vvvebjs up to 2.0.5. The affected element is an unknown function of the file upload.php of the component File Upload Endpoint. This manipulation of the argument uploadAllowExtensions causes cross site scripting. Remote exploitation of the attack is possibl...
EUVD-2026-19160
A weakness has been identified in givanz Vvvebjs up to 2.0.5. The affected element is an unknown function of the file upload.php of the component File Upload Endpoint. This manipulation of the argument uploadAllowExtensions causes cross site scripting. Remote exploitation of the attack is possibl...
CVE-2026-5615
A weakness has been identified in givanz Vvvebjs up to 2.0.5. The affected element is an unknown function of the file upload.php of the component File Upload Endpoint. This manipulation of the argument uploadAllowExtensions causes cross site scripting. Remote exploitation of the attack is possibl...
CVE-2026-5615 givanz Vvvebjs File Upload Endpoint upload.php cross site scripting
A weakness has been identified in givanz Vvvebjs up to 2.0.5. The affected element is an unknown function of the file upload.php of the component File Upload Endpoint. This manipulation of the argument uploadAllowExtensions causes cross site scripting. Remote exploitation of the attack is possibl...
CVE-2026-5615
A weakness has been identified in givanz Vvvebjs up to 2.0.5. The affected element is an unknown function of the file upload.php of the component File Upload Endpoint. This manipulation of the argument uploadAllowExtensions causes cross site scripting. Remote exploitation of the attack is possibl...
CVE-2026-5615
The CVE-2026-5615 issue affects givanz Vvvebjs up to 2.0.5, specifically the File Upload Endpoint’s file upload.php. An manipulation of the uploadAllowExtensions argument enables cross-site scripting, with remote exploitation possible and a public exploit available. A patch is provided as 8cac22c...
PT-2026-30559
A weakness has been identified in givanz Vvvebjs up to 2.0.5. The affected element is an unknown function of the file upload.php of the component File Upload Endpoint. This manipulation of the argument uploadAllowExtensions causes cross site scripting. Remote exploitation of the attack is possibl...
VvvebJs 代码注入漏洞
VvvebJs is a drag-and-drop website generator developed by Givan’s individual developer. VvvebJs versions 2.0.5 and earlier had a code injection vulnerability, which stemmed from improper handling of the uploadAllowExtensions parameter in the upload.php file. This vulnerability could lead to...
CVE-2024-25183
givanz VvvebJs 1.7.2 is vulnerable to Directory Traversal via scan.php...
CVE-2024-27480
givanz VvvebJs 1.7.2 is vulnerable to Insecure File Upload...
CVE-2024-25181
A critical vulnerability has been identified in givanz VvvebJs 1.7.2, which allows both Server-Side Request Forgery SSRF and arbitrary file reading. The vulnerability stems from improper handling of user-supplied URLs in the "filegetcontents" function within the "save.php" file...
CVE-2024-25182
givanz VvvebJs 1.7.2 suffers from a File Upload vulnerability via save.php...
CVE-2024-25183
givanz VvvebJs 1.7.2 is vulnerable to Directory Traversal via scan.php...
CVE-2024-25183
givanz VvvebJs 1.7.2 is vulnerable to Directory Traversal via scan.php...
CVE-2024-27480
givanz VvvebJs 1.7.2 is vulnerable to Insecure File Upload...
CVE-2024-25182
givanz VvvebJs 1.7.2 suffers from a File Upload vulnerability via save.php...
CVE-2024-25182
givanz VvvebJs 1.7.2 suffers from a File Upload vulnerability via save.php...