4 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-31865
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments...
Roundcube Webmail 跨站脚本漏洞
Roundcube Webmail is an open source browser-based IMAP client that supports address book management, message searching, spell checking, and more. Roundcube Webmail suffers from a cross-site scripting vulnerability that originates from XSS when the program handles file extensions of attachments.Th...
The vulnerability in the Redmine project and task management web application, related to improper authorization, allows a perpetrator to compromise data integrity.
The vulnerability in the Redmine project and task management web application relates to the bypassing of allowed file extension restrictions for uploaded attachments. Exploiting this vulnerability could allow a malicious actor to compromise the integrity of the data...
mailman: XSS via file attachments in list archives
GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing,...