Lucene search
K

5 matches found

Nuclei
Nuclei
added 10 hours ago192 views

Chuanhu Chat - Directory Traversal

The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the webassets folder. However, the outdated version of gradio it employs is susceptible to pa...

9.8CVSS7.1AI score0.03757EPSS
Exploits1
OSV
OSV
added 2024/09/17 7:28 p.m.2 views

GHSA-64VR-G452-QVP3 Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS

Summary We discovered a DOM Clobbering vulnerability in Vite when building scripts to cjs/iife/umd output format. The DOM Clobbering gadget in the module can lead to cross-site scripting XSS in web pages where scriptless attacker-controlled HTML elements e.g., an img tag with an unsanitized name...

6.4CVSS5.7AI score0.00636EPSS
Exploits0References12
NVD
NVD
added 2022/07/13 9:15 p.m.36 views

CVE-2022-32114

An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. NOTE: the project documentation suggests that a user with the Media Library "Create upload" permission is supposed to be able to upload PDF fil...

8.8CVSS0.01578EPSS
Exploits1References6
Cvelist
Cvelist
added 2022/07/13 12:0 a.m.34 views

CVE-2022-32114

An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. NOTE: the project documentation suggests that a user with the Media Library "Create upload" permission is supposed to be able to upload PDF fil...

8.4AI score0.01578EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2022/07/13 12:0 a.m.12 views

PT-2022-21097

Name of the Vulnerable Software and Affected Versions Strapi version 4.1.12 Description An unrestricted file upload vulnerability in the Add New Assets function allows attackers to conduct XSS attacks via a crafted PDF file. The project documentation suggests that a user with the Media Library...

8.8CVSS7.5AI score0.01578EPSS
Exploits1References17
Rows per page
Query Builder