7 matches found
EUVD-2022-41562
Malicious code in bioql PyPI...
CVE-2024-27705
Cross Site Scripting vulnerability in Leantime v3.0.6 allows attackers to execute arbitrary code via upload of crafted PDF file to the files/browse endpoint...
PT-2024-26563 · O2Oa · O2Oa
Name of the Vulnerable Software and Affected Versions: O2OA version 8.3.8 Description: The issue allows attackers to execute arbitrary code by uploading a crafted PDF file, exploiting an arbitrary file upload vulnerability. Recommendations: For O2OA version 8.3.8, consider restricting file upload...
CVE-2022-39016
Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload...
Design/Logic Flaw
Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload...
CVE-2022-33009
A stored cross-site scripting XSS vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file...
Cross site scripting
A stored cross-site scripting XSS vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file...