Lucene search
+L

161 matches found

Snyk
Snyk
added 2026/07/10 10:28 p.m.3 views

Cross-site Scripting (XSS)

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the UploadFileRequest process, which fails to properly sanitize SVG content unless PHP finfo reports image/svg+xml, and the...

8.7CVSS6.2AI score0.00316EPSS
Exploits1References2
NVD
NVD
added 2026/05/28 9:16 p.m.15 views

CVE-2026-44657

Mantis Bug Tracker MantisBT is an open source issue tracker. Prior to 2.28.2, using showinline=1 parameter and a valid fileshowinlinetoken CSRF token on filedownload.php, an attacker can execute code by uploading a crafted XHTML attachment referencing a JavaScript attachment. This vulnerability i...

7.5CVSS0.00349EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/28 8:25 p.m.13 views

EUVD-2026-33023

Mantis Bug Tracker MantisBT is an open source issue tracker. Prior to 2.28.2, using showinline=1 parameter and a valid fileshowinlinetoken CSRF token on filedownload.php, an attacker can execute code by uploading a crafted XHTML attachment referencing a JavaScript attachment. This vulnerability i...

7.5CVSS6AI score0.00349EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/28 8:25 p.m.32 views

CVE-2026-44657 MantisBT: Stored XSS in File Download

Mantis Bug Tracker MantisBT is an open source issue tracker. Prior to 2.28.2, using showinline=1 parameter and a valid fileshowinlinetoken CSRF token on filedownload.php, an attacker can execute code by uploading a crafted XHTML attachment referencing a JavaScript attachment. This vulnerability i...

7.5CVSS0.00349EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/28 8:25 p.m.9 views

CVE-2026-44657

Mantis Bug Tracker MantisBT is an open source issue tracker. Prior to 2.28.2, using showinline=1 parameter and a valid fileshowinlinetoken CSRF token on filedownload.php, an attacker can execute code by uploading a crafted XHTML attachment referencing a JavaScript attachment. This vulnerability i...

7.5CVSS6AI score0.00349EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.13 views

Mantis Bug Tracker 跨站脚本漏洞

Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker prior to 2.28.2 contained a cross-site scripting vulnerability. This vulnerability occurred when using the showinline=1 parameter and a valid CSRF token, allowing attackers to...

7.5CVSS5.8AI score0.00349EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/11 7:40 p.m.12 views

Cross-site Scripting (XSS)

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the filedownload.php process when the showinline=1 parameter and a valid fileshowinlinetoken CSRF token are provided. An attacker can execute arbitrary JavaScript co...

7.5CVSS5.8AI score0.00349EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/11 7:40 p.m.12 views

MantisBT Vulnerable to Stored XSS in File Download

Using showinline=1 parameter and a valid fileshowinlinetoken CSRF token on filedownload.php, an attacker can execute code by uploading a crafted XHTML attachment referencing a JavaScript attachment. Impact Cross-site scripting Patches - 26647b2e68ba30b9d7987d4e03d7a16416684bc2 Workarounds None...

7.5CVSS6AI score0.00349EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.13 views

PT-2026-39900

Name of the Vulnerable Software and Affected Versions MantisBT affected versions not specified Description An attacker can execute code via stored cross-site scripting XSS by uploading a crafted XHTML attachment that references a JavaScript attachment. This is achieved by using the 'file...

7.5CVSS5.8AI score0.00349EPSS
Exploits0References10
OSV
OSV
added 2026/04/01 10:0 a.m.3 views

CVE-2026-1879 Harvard University IQSS Dataverse Theme Customization ThemeAndWidgets.xhtml unrestricted upload

A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...

5.3CVSS6.1AI score0.00257EPSS
Exploits0References7
EUVD
EUVD
added 2026/03/24 12:30 a.m.8 views

EUVD-2026-14650

The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on importpopuptemplates function as well as insufficient file type validation in the uploadfiles function in all versions up to, and including, 4.14.1. This makes it possible for Authenticat...

8.8CVSS5.9AI score0.00676EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.9 views

PT-2026-24758

Impact An attacker can upload a file with a file extension or content type that is not blocked by the default configuration of the Parse Server fileUpload.fileExtensions option. The file can contain malicious code, for example JavaScript in an SVG or XHTML file. When the file is accessed via its...

6.3CVSS5.8AI score0.00245EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/01/09 10:49 a.m.10 views

CVE-2022-37307

OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature...

6.1CVSS6.2AI score0.00538EPSS
Exploits2References1
Fedora
Fedora
added 2025/12/25 1:8 a.m.16 views

[SECURITY] Fedora 42 Update: roundcubemail-1.6.12-1.fc42

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

7.5CVSS7AI score0.20094EPSS
Exploits1
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2021-1654

Malware in sbrugna...

6.1CVSS7.7AI score0.01513EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2016-9928

Malware in sbrugna...

7.5CVSS7.6AI score0.03044EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.15 views

EUVD-2014-8819

Malware in sbrugna...

4.3CVSS6.4AI score0.01936EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2014-2281

Malware in sbrugna...

4.3CVSS9.2AI score0.0245EPSS
Exploits1References11
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2011-1131

Malware in sbrugna...

7.5CVSS8.3AI score0.01977EPSS
Exploits2References12
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-39943

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00538EPSS
Exploits2References2
Rows per page
Query Builder