3 matches found
CVE-2026-34213 Docmost has cross-page attachment overwrite via flawed attachmentId overwrite validation
Docmost is open-source collaborative wiki and documentation software. Starting in version 0.3.0 and prior to version 0.71.0, improper authorization in Docmost allows a low-privileged authenticated user to overwrite another page's attachment within the same workspace by supplying a victim...
Cross site scripting
A stored Cross-Site Scripting XSS vulnerability in the Chat gadget in Upstream Works Agent Desktop for Cisco Finesse through 4.2.12 and 5.0 allows remote attackers to inject arbitrary web script or HTML via AttachmentId in the file-upload details...
Sql injection
Multiple SQL injection vulnerabilities in PD9 Software MegaBBS 2.2 allow remote attackers to execute arbitrary SQL commands via the 1 invisible and 2 timeoffset parameters to profile/controlpanel.asp and the 3 attachmentid parameter to forums/attach-file.asp...