12 matches found
CVE-2025-65778
An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Uploaded attachments can be served with attacker-controlled Content-Type text/html, allowing execution of attacker-supplied HTML/JS in the application's origin and enabling session/token thef...
PT-2025-51217
Name of the Vulnerable Software and Affected Versions: Wekan versions prior to 18.16. Description: An issue exists in Wekan, an open-source kanban board system, where uploaded attachments can be served with a Content-Type controlled by an attacker, specifically text/html. This allows for the executi...
CVE-2025-65778
CVE-2025-65778 affects Wekan (The Open Source Kanban Board) up to version 18.15; fixed in 18.16. Vulnerability arises when uploaded attachments are served with attacker-controlled Content-Type (text/html), permitting execution of attacker-supplied HTML/JS within the application's origin and enabl...
Linux Distros Unpatched Vulnerability : CVE-2022-25802
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Best Practical Request Tracker RT before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment. CVE-2022-25802 Note that Nessus...
CVE-2023-37913
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 3.5-milestone-1 and prior to versions 14.10.8 and 15.3-rc-1, triggering the office converter with a specially crafted file name allows writing the attachment's content to a...
DEBIAN-CVE-2022-25802
Best Practical Request Tracker RT before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment...
UBUNTU-CVE-2022-25802
Best Practical Request Tracker RT before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment...
Best Practical Request Tracker cross-site scripting vulnerability
Best Practical Request Tracker is an event tracking system written in Perl. A cross-site scripting vulnerability exists in Best Practical Request Tracker. An attacker could use this vulnerability to trigger cross-site scripting in Request Tracker via the attachment content type, which could be us...
PT-2022-3609 · Unknown +2 · Request Tracker +2
Name of the Vulnerable Software and Affected Versions: Request Tracker versions prior to 4.4.6; Request Tracker versions 5.x prior to 5.0.3. Description: The issue allows for a cross-site scripting (XSS) attack via a crafted content type for an attachment. This can be exploited by a remote attacker t...
DEBIAN-CVE-2013-4479
lib/sup/messagechunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the contenttype of an email attachment...
UBUNTU-CVE-2013-4479
lib/sup/messagechunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the contenttype of an email attachment...
CVE-2006-1911
Cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) 1.1 allows remote attackers to inject arbitrary web script or HTML via the attachment content disposition in an HTML attachment...