17 matches found
EUVD-2021-23380
Malware in sbrugna...
EUVD-2018-19395
Malware in sbrugna...
BIT-ESPOCRM-2021-3539
EspoCRM 6.1.6 and prior suffers from a persistent type II cross-site scripting XSS vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product...
WPanel 代码问题漏洞
WPanel is a CMS for building blogs, websites, and web applications. A security vulnerability exists in WPanel 4 4.3.1 and lower, which originates from uploading 1 dashboard avatar images, 2 post folder images, 3 page folder images, and 4 gallery folder images via malicious PHP files...
Akaunting Cross-Site Scripting Vulnerability (CNVD-2021-94938)
Akaunting is a free, open source online accounting software designed for small businesses and freelancers. akaunting 2.1.12 and earlier versions contain a persistent cross-site scripting vulnerability when processing user-supplied avatar images. An attacker could exploit the vulnerability to inse...
CVE-2021-3539
EspoCRM 6.1.6 and prior suffers from a persistent type II cross-site scripting XSS vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product...
CVE-2021-36803
Akaunting version 2.1.12 and earlier suffers from a persistent type II cross-site scripting XSS vulnerability in processing user-supplied avatar images. This issue was fixed in version 2.1.13 of the product...
Cross site scripting
EspoCRM 6.1.6 and prior suffers from a persistent type II cross-site scripting XSS vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product...
Cross site scripting
Akaunting version 2.1.12 and earlier suffers from a persistent type II cross-site scripting XSS vulnerability in processing user-supplied avatar images. This issue was fixed in version 2.1.13 of the product...
CVE-2021-3539
CVE-2021-3539 affects EspoCRM 6.1.6 and earlier, with a persistent (type II) cross-site scripting (XSS) vulnerability in handling user-supplied avatar images. The issue is fixed in version 6.1.7. The connected documents corroborate the vulnerability and the fix; no exploit details are provided. R...
CVE-2021-36803
CVE-2021-36803 affects Akaunting 2.1.12 and earlier; it is a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. The underlying issue is that avatar upload content is rendered, allowing injected HTML/JS to execute when an avatar is viewed. Seve...
PT-2021-20904 · Espocrm · Espocrm
Name of the Vulnerable Software and Affected Versions: EspoCRM versions 6.1.6 and prior Description: The issue is a persistent type II cross-site scripting XSS vulnerability in processing user-supplied avatar images. This vulnerability was fixed in version 6.1.7 of the product. Recommendations: F...
CVE-2018-7679
Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution...
Remote code execution
Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution...
CVE-2018-7679
Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution...
CVE-2018-7679
Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution...
CVE-2005-2817
Simple Machines Forum SMF 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server...