qdPM cross-site scripting vulnerability (CNVD-2020-64598)
qdPM is a web-based open source project management tool. A security vulnerability exists in qdPM version 9.1, which stems from the file upload feature not checking the file description, and can be exploited by an attacker to inject web scripts or HTML via attachment message parameters XSS...
CVE-2018-15668
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The "send" command in the airmail:// URL scheme allows an external application to send arbitrary emails from an active account. URL parameters for the "send" command with the "attachment" prefix designate attachment parameters. If the...
CVE-2006-0915
Bugzilla 2.16.10 does not properly handle certain characters in the (1) maxpatchsize and (2) maxattachmentsize parameters in attachment.cgi, which allows remote attackers to trigger a SQL error...