2 matches found
PT-2023-12103 · Unknown · Xpressengine
Name of the Vulnerable Software and Affected Versions: XpressEngine affected versions not specified Description: The issue arises from insufficient verification of uploaded files, allowing a remote attacker to upload arbitrary files and potentially execute arbitrary code on the server hosting the...
DCForum+ 1.2 - Subject HTML Injection
DCForum+ 1.2 - Subject HTML Injection source: https://www.securityfocus.com/bid/8384/info DCForum+ is prone to an HTML injection vulnerability. An attacker may exploit this issue by including hostile HTML and script code in the subject field of posts to the bulletin board. This is because the...