6 matches found
CVE-2026-41467
ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scripting vulnerability in the file upload functionality where the checkValidFileName function fails to restrict HTML and HTM file uploads. Authenticated attackers can upload HTML files containing arbitrary JavaScript through the...
CVE-2026-41467
ProjeQtor versions 7.0–12.4.3 are affected by a stored XSS in the file upload flow. The checkValidFileName() function fails to restrict HTML/HTM uploads, allowing authenticated attackers to place HTML files containing arbitrary JavaScript via image upload or attachment endpoints. When any user ac...
EUVD-2022-38375
Malicious code in bioql PyPI...
CVE-2022-35487
Zammad 5.2.0 suffers from Incorrect Access Control. Zammad did not correctly perform authorization on certain attachment endpoints. This could be abused by an unauthenticated attacker to gain access to attachments, such as emails or attached files...
CVE-2022-35487
Zammad 5.2.0 suffers from Incorrect Access Control. Zammad did not correctly perform authorization on certain attachment endpoints. This could be abused by an unauthenticated attacker to gain access to attachments, such as emails or attached files...
PT-2022-22863 · Zammad · Zammad
Name of the Vulnerable Software and Affected Versions: Zammad version 5.2.0 Description: The issue is related to Incorrect Access Control in Zammad, where the software did not correctly perform authorization on certain attachment endpoints. This could be exploited by an unauthenticated attacker t...