12 matches found

Cvelist
added 2026/03/11 5:54 p.m., 27 views

CVE-2026-31868 Parse Server has Stored XSS via file upload of HTML-renderable file types

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.4 and 8.6.30, an attacker can upload a file with a file extension or content type that is not blocked by the default configuration of the Parse Server...

CVSS 6.3 | EPSS 0.00245 | Exploits 0 | References 3
CNNVD
added 2022/03/14 12:0 a.m., 2 views

showdoc cross-site scripting vulnerability

showdoc is an open source tool ideal for IT teams to share documents online. showdoc versions prior to v2.10.4 contain a file upload vulnerability that stems from the lack of effective detection of .xsl file extensions in the application's file upload feature. An attacker could exploit this...

CVSS 7.3 | AI score 5.8 | EPSS 0.0061 | Exploits 1 | References 3
Veracode
added 2019/05/02 4:42 a.m., 41 views

Denial Of Service (DoS) Or Directory Traversal

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user...

CVSS 9.8 | AI score 6.3 | EPSS 0.99998 | Exploits 55 | References 23 | Affected Software 2
Veracode
added 2019/05/02 4:42 a.m., 34 views

Denial Of Service (DoS)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user...

CVSS 9.8 | AI score 6.3 | EPSS 0.99998 | Exploits 55 | References 16 | Affected Software 2
Veracode
added 2019/05/02 4:42 a.m., 52 views

Denial Of Service (DoS)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user...

CVSS 9.8 | AI score 6.3 | EPSS 0.99998 | Exploits 55 | References 9 | Affected Software 2
RedHat Linux
added 2016/09/08 6:14 p.m., 8 views

jakarta-taglibs-standard: XXE and RCE via XSL extension in JSTL XML tags

It was found that the Java Standard Tag Library (JSTL) allowed the processing of untrusted XML documents to utilize external entity references, which could access resources on the host system and, potentially, allow arbitrary code execution...

CVSS 7.5 | AI score 7.6 | EPSS 0.1326 | Exploits 0 | References 4
Tenable Nessus
added 2012/08/01 12:0 a.m., 276 views

Scientific Linux Security Update : php53 on SL5.x i386/x86_64 (20120627)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user...

CVSS 7.5 | AI score 8.8 | EPSS 0.50723 | Exploits 17 | References 10
Tenable Nessus
added 2012/08/01 12:0 a.m., 47 views

Scientific Linux Security Update : php on SL6.x i386/x86_64 (20120627)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user...

CVSS 7.5 | AI score 8.9 | EPSS 0.50723 | Exploits 19 | References 11
CentOS
added 2012/07/10 5:36 p.m., 86 views

php security update

CentOS Errata and Security Advisory CESA-2012:1046 Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base...

CVSS 7.5 | AI score 7.6 | EPSS 0.50723 | Exploits 19 | References 7
OpenVAS
added 2012/06/28 12:0 a.m., 42 views

RedHat Update for php53 RHSA-2012:1047-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 9.8 | AI score 7.2 | EPSS 0.99998 | Exploits 57 | References 4
CentOS
added 2012/06/27 8:24 p.m., 87 views

php53 security update

CentOS Errata and Security Advisory CESA-2012:1047 Updated php53 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base...

CVSS 7.5 | AI score 7.6 | EPSS 0.50723 | Exploits 17 | References 7
RedHat Linux
added 2012/06/27 3:43 p.m., 69 views

Moderate: Red Hat Security Advisory: php security update

Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

CVSS 6.4 | AI score 7.5 | EPSS 0.50723 | Exploits 15 | References 7