8 matches found
EUVD-2018-4014
Malware in sbrugna...
Server-Side Request Forgery (SSRF) in chevereto/chevereto-free
Description Attackers can make the server perform arbitrary requests to internal IPs as well as use the file:/// protocol to disclose internal image data. Proof of Concept 1: Create a valid image file on the server /path/to/index.png 2: Choose add Image URLs and use a valid URL and click OK. Then...
Chevereto Free Cross-Site Scripting Vulnerability
Chevereto Free is a set of image hosting scripts which are mainly used to create image hosting websites. A cross-site scripting vulnerability exists in versions prior to Chevereto Free 1.0.13. A remote attacker can exploit this vulnerability to steal administrator cookies...
CVE-2018-12030
Chevereto Free before 1.0.13 has XSS...
CVE-2018-12030
Chevereto Free before 1.0.13 has XSS...
Design/Logic Flaw
Chevereto Free before 1.0.13 has XSS...
CVE-2018-12030
Chevereto Free before 1.0.13 has XSS...
CVE-2018-12030
Chevereto Free before 1.0.13 is affected by a cross‑site scripting vulnerability. The vulnerability enables XSS due to the version prior to 1.0.13; the CVE entry notes this issue without providing exploit details. A remediation mentioned in the source material is to upgrade to version 1.0.13 or l...