18 matches found

NVD
added 2026/05/16 4:16 p.m., 11 views

CVE-2020-37227

HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can intercept upload requests to the logoupload parameter in the admin interface and rename files to...

CVSS 8.8, EPSS 0.00541
Exploits: 0, References: 4
Vulnrichment
added 2026/05/16 3:25 p.m., 8 views

CVE-2020-37227 WordPress Plugin HS Brand Logo Slider 2.1 Unrestricted File Upload

HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can intercept upload requests to the logoupload parameter in the admin interface and rename files to...

CVSS 8.8, AI score 6.3, EPSS 0.00541
Exploits: 0, References: 4
CVE
added 2026/05/16 3:25 p.m., 18 views

CVE-2020-37227

HS Brand Logo Slider 2.1 (a WordPress plugin) has an unrestricted file upload vulnerability. Authenticated users can bypass client-side extension checks by targeting the logoupload parameter in the admin interface and rename uploaded files to executable extensions such as .php, enabling remote co...

CVSS 8.8, AI score 6.3, EPSS 0.00541
Exploits: 0, References: 4
Cvelist
added 2026/05/16 3:25 p.m., 39 views

CVE-2020-37227 WordPress Plugin HS Brand Logo Slider 2.1 Unrestricted File Upload

HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can intercept upload requests to the logoupload parameter in the admin interface and rename files to...

CVSS 8.8, EPSS 0.00541
Exploits: 0, References: 4
CNNVD
added 2026/05/16 12:0 a.m., 12 views

WordPress plugin HS Brand Logo Slider Code Issue Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 8.8, AI score 6.4, EPSS 0.00541
Exploits: 0, References: 1
RedHat Linux
added 2025/12/10 6:4 p.m., 12 views

Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.6 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVSS 9.1, AI score 7.4, EPSS 0.1914
Exploits: 10, References: 2
OSV
added 2022/05/13 1:24 a.m., 11 views

GHSA-3P6C-9XHM-8X7H October CMS XSS

October CMS build 412 is vulnerable to stored XSS in brand logo image name resulting in JavaScript code execution in the victim's browser...

CVSS 6.1, AI score 6.2, EPSS 0.01003
Exploits: 0, References: 3
Github Security Blog
added 2022/05/13 1:24 a.m., 34 views

October CMS XSS

October CMS build 412 is vulnerable to stored XSS in brand logo image name resulting in JavaScript code execution in the victim's browser...

CVSS 6.1, AI score 6.7, EPSS 0.01003
Exploits: 0, References: 3, Affected Software: 1
CNVD
added 2020/10/26 12:0 a.m., 2 views

WordPress Plugin HS Brand Logo Slider 'logoupload' File Upload Vulnerability

WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system CMS. A file upload vulnerability exists in the WordPress plugin HS Brand Logo Slider 'logoupload...

AI score 6.8
Exploits: 0, References: 1
Patchstack
added 2020/10/21 12:0 a.m., 14 views

WordPress Helios Solutions Brand Logo Slider plugin <= 2.1 - Authenticated Arbitrary File Upload vulnerability

Authenticated Arbitrary File Upload vulnerability found by Net-Hunter in WordPress Helios Solutions Brand Logo Slider plugin versions <= 2.1. Solution 2020-12-03 - we found only notification from wordpress.org plugin repository "This plugin has been closed as of October 21, 2020 and is not availab...

AI score 1.1
Exploits: 0, References: 2, Affected Software: 1
WPVulnDB
added 2020/10/21 12:0 a.m., 10 views

Helios Solutions Brand Logo Slider <= 2.1 - Authenticated Arbitrary File Upload

An Authenticated user admin+ can bypass the security check of the plugin and upload arbitrary files via the Brand Logo. PoC The PoC will be displayed once the issue has been remediated...

AI score 2.2
Exploits: 0, References: 1, Affected Software: 1
Packet Storm
added 2020/10/20 12:0 a.m., 628 views

WordPress HS Brand Logo Slider 2.1 Shell Upload

Exploit Title: WordPress Plugin HS Brand Logo Slider 2.1 - 'logoupload' File Upload Date: 2020-10-20 Exploit Author: Net-Hunter Google Dork: N/A Software Link: https://ms.wordpress.org/plugins/hs-brand-logo-slider/ Vendor Homepage: https://www.heliossolutions.co/ Tested on: Linux Apache / Wordpre...

AI score 7.4
Exploits: 0
Veracode
added 2017/11/17 9:52 a.m., 18 views

Cross-site Scripting (XSS)

October CMS is vulnerable to cross-site scripting XSS attacks. The library does not properly sanitize the brand logo image name, allowing a malicious user to inject and execute arbitrary Javascript...

CVSS 6.1, AI score 6, EPSS 0.01003
Exploits: 0, References: 2, Affected Software: 1
NVD
added 2017/11/17 2:29 a.m., 40 views

CVE-2017-1000193

October CMS build 412 is vulnerable to stored WCI a.k.a XSS in brand logo image name resulting in JavaScript code execution in the victim's browser...

CVSS 6.1, AI score 6.5, EPSS 0.01003
Exploits: 0, References: 1
OSV
added 2017/11/17 2:29 a.m., 19 views

CVE-2017-1000193

October CMS build 412 is vulnerable to stored WCI a.k.a XSS in brand logo image name resulting in JavaScript code execution in the victim's browser...

CVSS 6.1, AI score 7
Exploits: 0, References: 1
Cvelist
added 2017/11/17 2:0 a.m., 51 views

CVE-2017-1000193

October CMS build 412 is vulnerable to stored WCI a.k.a XSS in brand logo image name resulting in JavaScript code execution in the victim's browser...

AI score 6.5, EPSS 0.01003
Exploits: 0, References: 1
CVE
added 2017/11/17 2:0 a.m., 62 views

CVE-2017-1000193

October CMS 412 is reported to be vulnerable to a stored XSS (WCI) via the brand logo image name, allowing injected JavaScript to execute in the victim’s browser. The root cause, as described in the connected materials, is a stored XSS flaw in the brand logo handling. The documents do not specify...

CVSS 6.1, AI score 6.4, EPSS 0.01003
Exploits: 0, References: 1, Affected Software: 1
CNVD
added 2017/11/17 12:0 a.m., 4 views

October CMS Cross-Site Scripting Vulnerability (CNVD-2017-37277)

OctoberCMS is a CMS system based on Laravel PHP development framework. A cross-site scripting vulnerability exists in the brand logo image name in October CMS build 412. An attacker can exploit this vulnerability to execute JavaScript code in the victim's browser...

CVSS 6.1, AI score 6.5, EPSS 0.01003
Exploits: 0, References: 1