Cross-Site Scripting
concrete5/concrete5 is vulnerable to Cross-Site Scripting. The vulnerability is due to improper sanitization of input in the getAttributeSetName function, allowing an admin authenticated attacker to inject malicious code...
Cross-site Scripting (XSS)
Magento-lts is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper system config sanitisation within the design/header/welcome, design/header/logosrc, design/header/logosrcsmall, and design/header/logoalt, which allows an admin authenticated attacker to perform Cross-site...
Cross Site Scripting (XSS)
concrete5/concrete5 is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to file attributes which are insufficiently sanitized via the Edit Attributes page. The vulnerability allows an admin authenticated attacker to inject malicious code into file tags or description attributes,...
CVE-2023-22273
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to Remote Code Execution by an admin authenticated attacker. Exploitation of this issue does not require user interaction...
Path traversal
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to Remote Code Execution by an admin authenticated attacker. Exploitation of this issue does not require user interaction...
CVE-2023-22273 ZDI-CAN-21307: Adobe RoboHelp Server OnPublishFile Directory Traversal Remote Code Execution Vulnerability
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to Remote Code Execution by an admin authenticated attacker. Exploitation of this issue does not require user interaction...
Arbitrary Code Execution
Pagekit/pagekit is vulnerable to Arbitrary Code Execution. The vulnerability exists because the updateAction function in UpdateController.php blindly executes code in the uploaded requirements.php file, which allows an admin authenticated attacker to execute malicious code on the system...
Denial Of Service (DoS)
ethyca-fides is vulnerable to Denial Of Service DoS. The vulnerability exists due to the lack of validation checks for SVGs in the savetemplate function of connectorregistryservice.py, which allows an admin authenticated attacker to crash the application by uploading a zip file containing a...
Server-side Request Forgery (SSRF)
github.com/darklynx/request-baskets is vulnerable to Server-side Request Forgery SSRF. The vulnerability exists due to the improper validation in the /api/baskets/name path, allowing an admin authenticated attacker to access network resources and sensitive information via a maliciously crafted AP...
Cross-site Scripting (XSS)
backdrop/backdrop is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to the lack of validation of HTML elements when adding a post, which allows an admin authenticated attacker to inject and execute malicious JavaScript when a user views a post...