Lucene search
K

17 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-23380

Malware in sbrugna...

6.3CVSS6.4AI score0.00616EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-19395

Malware in sbrugna...

9.8CVSS9.5AI score0.02314EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 10:52 a.m.20 views

BIT-ESPOCRM-2021-3539

EspoCRM 6.1.6 and prior suffers from a persistent type II cross-site scripting XSS vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product...

6.3CVSS5.8AI score0.00583EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/03/31 12:0 a.m.3 views

WPanel 代码问题漏洞

WPanel is a CMS for building blogs, websites, and web applications. A security vulnerability exists in WPanel 4 4.3.1 and lower, which originates from uploading 1 dashboard avatar images, 2 post folder images, 3 page folder images, and 4 gallery folder images via malicious PHP files...

8.8CVSS8AI score0.01706EPSS
Exploits1References3
CNVD
CNVD
added 2021/08/06 12:0 a.m.24 views

Akaunting Cross-Site Scripting Vulnerability (CNVD-2021-94938)

Akaunting is a free, open source online accounting software designed for small businesses and freelancers. akaunting 2.1.12 and earlier versions contain a persistent cross-site scripting vulnerability when processing user-supplied avatar images. An attacker could exploit the vulnerability to inse...

6.3CVSS3AI score0.00616EPSS
Exploits1References1
NVD
NVD
added 2021/08/04 11:15 p.m.15 views

CVE-2021-3539

EspoCRM 6.1.6 and prior suffers from a persistent type II cross-site scripting XSS vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product...

6.3CVSS0.00583EPSS
Exploits0References1
OSV
OSV
added 2021/08/04 11:15 p.m.18 views

CVE-2021-36803

Akaunting version 2.1.12 and earlier suffers from a persistent type II cross-site scripting XSS vulnerability in processing user-supplied avatar images. This issue was fixed in version 2.1.13 of the product...

5.4CVSS5.9AI score
Exploits0References1
Prion
Prion
added 2021/08/04 11:15 p.m.19 views

Cross site scripting

EspoCRM 6.1.6 and prior suffers from a persistent type II cross-site scripting XSS vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product...

3.5CVSS5.3AI score0.00583EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/08/04 11:15 p.m.16 views

Cross site scripting

Akaunting version 2.1.12 and earlier suffers from a persistent type II cross-site scripting XSS vulnerability in processing user-supplied avatar images. This issue was fixed in version 2.1.13 of the product...

3.5CVSS5.3AI score0.00616EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/08/04 10:20 p.m.229 views

CVE-2021-3539

CVE-2021-3539 affects EspoCRM 6.1.6 and earlier, with a persistent (type II) cross-site scripting (XSS) vulnerability in handling user-supplied avatar images. The issue is fixed in version 6.1.7. The connected documents corroborate the vulnerability and the fix; no exploit details are provided. R...

6.3CVSS5.8AI score0.00583EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/08/04 10:20 p.m.247 views

CVE-2021-36803

CVE-2021-36803 affects Akaunting 2.1.12 and earlier; it is a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. The underlying issue is that avatar upload content is rendered, allowing injected HTML/JS to execute when an avatar is viewed. Seve...

6.3CVSS5.5AI score0.00616EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2021/08/04 12:0 a.m.3 views

PT-2021-20904 · Espocrm · Espocrm

Name of the Vulnerable Software and Affected Versions: EspoCRM versions 6.1.6 and prior Description: The issue is a persistent type II cross-site scripting XSS vulnerability in processing user-supplied avatar images. This vulnerability was fixed in version 6.1.7 of the product. Recommendations: F...

8.1CVSS5.9AI score0.01029EPSS
Exploits0References15
OSV
OSV
added 2018/06/21 7:29 p.m.5 views

CVE-2018-7679

Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution...

9.8CVSS6.1AI score0.02314EPSS
Exploits0References1
Prion
Prion
added 2018/06/21 7:29 p.m.15 views

Remote code execution

Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution...

7.5CVSS9.7AI score0.02314EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/06/21 7:29 p.m.22 views

CVE-2018-7679

Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution...

9.8CVSS9.8AI score0.02314EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/06/21 7:0 p.m.12 views

CVE-2018-7679

Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution...

9.8AI score0.02314EPSS
Exploits0References1
Cvelist
Cvelist
added 2005/09/07 4:0 a.m.16 views

CVE-2005-2817

Simple Machines Forum SMF 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server...

6.4AI score0.01548EPSS
Exploits1References5
Rows per page
Query Builder