20 matches found
EUVD-2026-16898
A flaw has been found in wandb OpenUI up to 1.0. This affects the function createshare/getshare of the file backend/openui/server.py of the component HTMLAnnotator Component. Executing a manipulation of the argument ID can lead to HTML injection. The attack may be performed from remote. The explo...
CVE-2026-4992
A flaw has been found in wandb OpenUI up to 1.0. This affects the function createshare/getshare of the file backend/openui/server.py of the component HTMLAnnotator Component. Executing a manipulation of the argument ID can lead to HTML injection. The attack may be performed from remote. The explo...
CVE-2026-4992 wandb OpenUI HTMLAnnotator server.py get_share HTML injection
A flaw has been found in wandb OpenUI up to 1.0. This affects the function createshare/getshare of the file backend/openui/server.py of the component HTMLAnnotator Component. Executing a manipulation of the argument ID can lead to HTML injection. The attack may be performed from remote. The explo...
CVE-2026-4992
A flaw has been found in wandb OpenUI up to 1.0. This affects the function createshare/getshare of the file backend/openui/server.py of the component HTMLAnnotator Component. Executing a manipulation of the argument ID can lead to HTML injection. The attack may be performed from remote. The explo...
EUVD-2022-5403
Malicious code in bioql PyPI...
CVE-2025-28142
Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V31.0.15 was discovered to contain a command injection vulnerability via the foldername in /boafrm/formDiskCreateShare...
CVE-2024-10129
A vulnerability classified as critical has been found in HFO4 shudong-share up to 2.4.7. This affects an unknown part of the file /includes/createshare.php of the component Share Handler. The manipulation of the argument fkey leads to sql injection. It is possible to initiate the attack remotely...
shudong-share SQL注入漏洞
shudong-share is a free and open source PHP extranet system by AaronLiu's personal developer. A SQL injection vulnerability exists in shudong-share 2.4.7 and earlier versions, which originates from the parameter fkey in the file /includes/createshare.php of Share Handler, which can lead to SQL...
PT-2024-16050 · Unknown · Hfo4 Shudong-Share
Name of the Vulnerable Software and Affected Versions: HFO4 shudong-share versions up to 2.4.7 Description: A critical vulnerability has been found in HFO4 shudong-share, affecting an unknown part of the file /includes/create share.php of the component Share Handler. The manipulation of the...
SUSE CVE-2016-6519
Cross-site scripting XSS vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form...
Openstack Manila Persistent XSS in Metadata field
Cross-site scripting XSS vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form...
SQL injection vulnerability in the create_share.php page of TreeHole's external link system
Treehole external chain system is a free and open source PHP external chain network disk system, support for seven cattle, local, remote three kinds of storage methods, support for multi-user system. Treehugger createshare.php page SQL injection vulnerability , because the program fails to filter...
Cross-site Scripting (XSS)
manila-ui is vulnerable to reflected cross-site scripting XSS. The Create Share form takes user-supplied metadata and passes it to a call to marksafe. This allows remotely authenticated, but unprivileged users to insert JavaScript code...
DEBIAN-CVE-2016-6519
Cross-site scripting XSS vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form...
CVE-2016-6519
Cross-site scripting XSS vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form...
CVE-2016-6519
Cross-site scripting XSS vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form...
CVE-2016-6519
Cross-site scripting XSS vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form...
openstack-manila-ui: persistent XSS in metadata field
A cross-site scripting flaw was discovered in openstack-manila-ui's Metadata field contained in its "Create Share" form. A user could inject malicious HTML/JavaScript code that would then be reflected in the "Shares" overview. Remote, authenticated, but unprivileged users could exploit this...
openstack-manila-ui: persistent XSS in metadata field
A cross-site scripting flaw was discovered in openstack-manila-ui's Metadata field contained in its "Create Share" form. A user could inject malicious HTML/JavaScript code that would then be reflected in the "Shares" overview. Remote, authenticated, but unprivileged users could exploit this...
openstack-manila-ui: persistent XSS in metadata field
A cross-site scripting flaw was discovered in openstack-manila-ui's Metadata field contained in its "Create Share" form. A user could inject malicious HTML/JavaScript code that would then be reflected in the "Shares" overview. Remote, authenticated, but unprivileged users could exploit this...