3319 matches found

OSV
added 2022/11/16 3:15 p.m. · 17 views

CVE-2022-43234

An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file...

9.8 CVSS · 7.8 AI score · 0.00801 EPSS
Exploits: 1 · References: 1

Prion
added 2022/11/16 3:15 p.m. · 12 views

Design/Logic Flaw

An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file...

7.5 CVSS · 9.6 AI score · 0.00801 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2022/11/16 12:00 a.m. · 13 views

CVE-2022-43234

An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file...

9.8 AI score · 0.00801 EPSS
Exploits: 1 · References: 1

CNNVD
added 2022/11/16 12:00 a.m. · 3 views

Hoosk CMS Code Issue Vulnerability

Hoosk CMS is a lightweight content management system. Hoosk CMS v1.8.0 suffers from an arbitrary file upload vulnerability that stems from its /attachments component failing to validate uploaded files. An attacker can exploit the vulnerability to remotely execute code...

9.8 CVSS · 7.2 AI score · 0.00801 EPSS
Exploits: 1 · References: 3

Positive Technologies
added 2022/11/16 12:00 a.m. · 5 views

PT-2022-26809 · Hoosk · Hoosk

Name of the Vulnerable Software and Affected Versions: Hoosk version 1.8 Description: An arbitrary file upload vulnerability in the "/attachments" component allows attackers to execute arbitrary code via a crafted PHP file. Recommendations: For Hoosk version 1.8, consider disabling the...

9.8 CVSS · 9.6 AI score · 0.00801 EPSS
Exploits: 1 · References: 5

OSV
added 2022/11/14 3:15 p.m. · 1 view

CVE-2022-3469

The WP Attachments WordPress plugin before 5.0.5 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup)...

4.8 CVSS · 5.8 AI score
Exploits: 0 · References: 1

NVD
added 2022/11/14 3:15 p.m. · 9 views

CVE-2022-3469

The WP Attachments WordPress plugin before 5.0.5 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup)...

4.8 CVSS · 0.00357 EPSS
Exploits: 2 · References: 1

Prion
added 2022/11/14 3:15 p.m. · 16 views

Cross site scripting

The WP Attachments WordPress plugin before 5.0.5 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup)...

4.3 CVSS · 4.8 AI score · 0.00357 EPSS
Exploits: 2 · References: 1 · Affected Software: 1

Vulnrichment
added 2022/11/14 12:00 a.m. · 4 views

CVE-2022-3469 WP Attachments < 5.0.5 - Admin+ Stored Cross-Site Scripting

The WP Attachments WordPress plugin before 5.0.5 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup)...

5.9 AI score · 0.00357 EPSS
Exploits: 2 · References: 1

CVE
added 2022/11/14 12:00 a.m. · 62 views

CVE-2022-3469

CVE-2022-3469 affects the WP Attachments WordPress plugin prior to 5.0.5. The issue is that certain settings are not properly sanitized/escaped, enabling stored cross-site scripting (XSS) by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (such as in multisite setups)...

4.8 CVSS · 4.8 AI score · 0.00357 EPSS
Exploits: 2 · References: 1 · Affected Software: 1

Cvelist
added 2022/11/14 12:00 a.m. · 12 views

CVE-2022-3469 WP Attachments < 5.0.5 - Admin+ Stored Cross-Site Scripting

The WP Attachments WordPress plugin before 5.0.5 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup)...

5.1 AI score · 0.00357 EPSS
Exploits: 2 · References: 1

CNNVD
added 2022/11/14 12:00 a.m. · 1 view

WordPress plugin WP Attachments Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

4.8 CVSS · 5 AI score · 0.00357 EPSS
Exploits: 2 · References: 3

Positive Technologies
added 2022/11/14 12:00 a.m. · 2 views

PT-2022-22298 · WordPress · Wp Attachments

Name of the Vulnerable Software and Affected Versions: WP Attachments versions prior to 5.0.5 Description: The issue allows high-privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly sanitized and escaped. The atta...

4.8 CVSS · 4.8 AI score · 0.00357 EPSS
Exploits: 2 · References: 3

OSV
added 2022/11/02 12:15 p.m. · 1 view

CVE-2022-26122

An insufficient verification of data authenticity vulnerability CWE-345 in FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow an attacker to bypass the AV engine via manipulating MIME attachment with junk and pad characters in base64...

8.6 CVSS · 5.8 AI score · 0.00118 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2022/11/01 12:00 a.m. · 2 views

PT-2022-5767 · Fortinet · Forticlient +2

Name of the Vulnerable Software and Affected Versions: FortiClient, FortiMail, and FortiOS AV engines versions 6.2.168 and below FortiClient, FortiMail, and FortiOS AV engines versions 6.4.274 and below Description: The issue is related to insufficient verification of data authenticity, which may...

8.6 CVSS · 8.3 AI score · 0.00118 EPSS
Exploits: 0 · References: 3

OSV
added 2022/10/25 7:15 p.m. · 1 view

CVE-2022-31468

OX App Suite through 8.2 allows XSS via an attachment or OX Drive content when a client uses the len or off parameter...

6.1 CVSS · 5.8 AI score
Exploits: 0 · References: 1

CNNVD
added 2022/10/25 12:00 a.m. · 0 views

Tenable Network Security Nessus Security Vulnerability

Tenable Network Security Nessus is an open source system vulnerability scanner from Tenable Network Security, USA. A security vulnerability exists in Nessus. An attacker can exploit this vulnerability to read Nessus debug log file attachments from the web UI without proper privileges...

6.5 CVSS · 7.1 AI score · 0.00246 EPSS
Exploits: 0 · References: 2

Vulnrichment
added 2022/10/24 5:46 p.m. · 4 views

CVE-2022-31468

OX App Suite through 8.2 allows XSS via an attachment or OX Drive content when a client uses the len or off parameter...

6 AI score · 0.00217 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2022/10/24 12:00 a.m. · 2 views

PT-2022-26615 · Apple · Macos Monterey +3

Name of the Vulnerable Software and Affected Versions: macOS Monterey versions prior to 12.6.3 macOS Big Sur versions prior to 11.7.3 macOS Ventura version 13 is not affected as it already includes the fix, but versions prior to 13 are affected. However, since the exact affected range for Ventura...

3.3 CVSS · 7.7 AI score · 0.00041 EPSS
Exploits: 0 · References: 11

Positive Technologies
added 2022/10/24 12:00 a.m. · 3 views

PT-2022-20745 · Open Xchange · Ox App Suite

Name of the Vulnerable Software and Affected Versions: OX App Suite versions through 8.2 Description: The issue allows for XSS via an attachment or OX Drive content when a client uses the len or off parameter. This can be exploited when the client utilizes specific parameters in conjunction with...

6.1 CVSS · 6 AI score · 0.00217 EPSS
Exploits: 0 · References: 3