Lucene search
K

6 matches found

Cvelist
Cvelist
added 2026/02/28 9:47 p.m.21 views

CVE-2026-28558 wpForo Forum 2.4.14 Stored XSS via SVG Avatar File Upload

wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows authenticated subscribers to upload SVG files as profile avatars through the avatar upload functionality. Attackers upload a crafted SVG containing CSS injection or JavaScript event handlers that execute in the...

6.4CVSS0.00208EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 10:54 a.m.10 views

CVE-2022-23906

CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution RCE vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file...

7.2CVSS7.6AI score0.02087EPSS
Exploits1References1
NVD
NVD
added 2025/12/17 11:15 p.m.5 views

CVE-2023-53924

UliCMS 2023.1-sniffing-vicuna contains a remote code execution vulnerability that allows authenticated attackers to upload PHP files with .phar extension during profile avatar upload. Attackers can trigger code execution by visiting the uploaded file's location, enabling system command execution...

8.8CVSS0.00794EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/08/21 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-23790

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes. This issue...

9.8CVSS7.3AI score0.00253EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/15 12:0 a.m.5 views

PT-2024-34376 · Unknown · Python Book

Name of the Vulnerable Software and Affected Versions: python book version V1.0 Description: The issue concerns an arbitrary file upload vulnerability in the user avatar upload function. This vulnerability allows for the upload of arbitrary files, which could potentially lead to security issues...

9.8CVSS7.4AI score0.00961EPSS
Exploits1References7
Prion
Prion
added 2022/12/15 7:15 p.m.14 views

Unrestricted file upload

File upload vulnerability in function upload in action/Core.class.php in zhimengzhe iBarn 1.5 allows remote attackers to run arbitrary code via avatar upload to index.php...

6.5CVSS8.8AI score0.01218EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder