5079 matches found

RedhatCVE
added 2025/05/19 6:9 a.m. · 12 views

CVE-2025-4190

The CSV Mass Importer WordPress plugin through 1.2 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to, for example in multisite setup...

CVSS 7.2 · AI score 6.8 · EPSS 0.00489
Exploits 3 · References 1

NVD
added 2025/05/17 6:15 a.m. · 36 views

CVE-2025-4190

The CSV Mass Importer WordPress plugin through 1.2 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to, for example in multisite setup...

CVSS 7.2 · EPSS 0.00489
Exploits 3 · References 1

OSV
added 2025/05/17 6:15 a.m. · 6 views

CVE-2025-4190

The CSV Mass Importer WordPress plugin through 1.2 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to, for example in multisite setup...

CVSS 7.2 · AI score 5.9 · EPSS 0.00489
Exploits 3 · References 1

Cvelist
added 2025/05/17 6:0 a.m. · 41 views

CVE-2025-4190 CSV Mass Importer <= 1.2 - Admin+ Arbitrary File Upload

The CSV Mass Importer WordPress plugin through 1.2 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to, for example in multisite setup...

EPSS 0.00489
Exploits 3 · References 1

Vulnrichment
added 2025/05/17 6:0 a.m. · 12 views

CVE-2025-4190 CSV Mass Importer <= 1.2 - Admin+ Arbitrary File Upload

The CSV Mass Importer WordPress plugin through 1.2 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to, for example in multisite setup...

AI score 6.9 · EPSS 0.00489
Exploits 3 · References 1

CVE
added 2025/05/17 6:0 a.m. · 55 views

CVE-2025-4190

CVE-2025-4190 affects the WordPress plugin CSV Mass Importer (v ≤ 1.2). The issue is improper validation of uploaded files, allowing high-privilege users (e.g., admins) to upload arbitrary files on the server (notably in multisite setups). Several sources confirm an admin+ arbitrary file upload v...

CVSS 7.2 · AI score 7 · EPSS 0.00489
Exploits 3 · References 1 · Affected Software 1

CNNVD
added 2025/05/17 12:0 a.m. · 5 views

WordPress plugin CSV Mass Importer security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 7.2 · AI score 7.5 · EPSS 0.00489
Exploits 3 · References 3

Positive Technologies
added 2025/05/17 12:0 a.m. · 8 views

PT-2025-21780 · WordPress · Csv Mass Importer

Name of the Vulnerable Software and Affected Versions: CSV Mass Importer WordPress plugin versions 1.2 and earlier
Description: The issue concerns the CSV Mass Importer WordPress plugin, which does not properly validate uploaded files. This allows high-privilege users, such as administrators, to...

CVSS 7.2 · AI score 7.5 · EPSS 0.00489
Exploits 3 · References 6

RedhatCVE
added 2025/05/16 3:14 p.m. · 11 views

CVE-2024-56157

iTop is a web-based IT Service Management tool. Prior to versions 3.1.3 and 3.2.1, by filling malicious code in a CSV content, a cross-site scripting attack can be performed when importing this content. The issue is fixed in versions 3.1.3 and 3.2.1. As a workaround, check CSV content before...

CVSS 6.3 · AI score 6.2 · EPSS 0.00226
Exploits 0 · References 1

GithubExploit
added 2025/05/15 3:51 p.m. · 298 views

Exploit for CVE-2025-4190

CVE-2025-4190 — WordPress CSV Mass Importer ≤ 1.2 Arbitrary Fi...

CVSS 7.2 · AI score 8 · EPSS 0.00489
Exploits 3

NVD
added 2025/05/14 3:15 p.m. · 16 views

CVE-2024-56157

iTop is a web-based IT Service Management tool. Prior to versions 3.1.3 and 3.2.1, by filling malicious code in a CSV content, a cross-site scripting attack can be performed when importing this content. The issue is fixed in versions 3.1.3 and 3.2.1. As a workaround, check CSV content before...

CVSS 6.3 · EPSS 0.00226
Exploits 0 · References 1

Vulnrichment
added 2025/05/14 2:40 p.m. · 14 views

CVE-2024-56157 iTop vulnerable to Self XSS in CSV Import

iTop is a web-based IT Service Management tool. Prior to versions 3.1.3 and 3.2.1, by filling malicious code in a CSV content, a cross-site scripting attack can be performed when importing this content. The issue is fixed in versions 3.1.3 and 3.2.1. As a workaround, check CSV content before...

CVSS 6.3 · AI score 6.2 · EPSS 0.00226
Exploits 0 · References 1

Cvelist
added 2025/05/14 2:40 p.m. · 16 views

CVE-2024-56157 iTop vulnerable to Self XSS in CSV Import

iTop is a web-based IT Service Management tool. Prior to versions 3.1.3 and 3.2.1, by filling malicious code in a CSV content, a cross-site scripting attack can be performed when importing this content. The issue is fixed in versions 3.1.3 and 3.2.1. As a workaround, check CSV content before...

CVSS 6.3 · EPSS 0.00226
Exploits 0 · References 1

CVE
added 2025/05/14 2:40 p.m. · 45 views

CVE-2024-56157

Summary: CVE-2024-56157 affects iTop before versions 3.1.3 and 3.2.1, where inserting malicious code into a CSV during import enables a cross-site scripting (XSS) attack.
Affected software: iTop (web-based IT Service Management tool; Combodo).
Root cause / vector: CSV import accepts unvalidated/m...

CVSS 6.3 · AI score 6 · EPSS 0.00226
Exploits 0 · References 1 · Affected Software 1

OSV
added 2025/05/14 2:40 p.m. · 6 views

CVE-2024-56157 iTop vulnerable to Self XSS in CSV Import

iTop is a web-based IT Service Management tool. Prior to versions 3.1.3 and 3.2.1, by filling malicious code in a CSV content, a cross-site scripting attack can be performed when importing this content. The issue is fixed in versions 3.1.3 and 3.2.1. As a workaround, check CSV content before...

CVSS 6.3 · AI score 6.3 · EPSS 0.00226
Exploits 0 · References 3

Positive Technologies
added 2025/05/14 12:0 a.m. · 6 views

PT-2025-21169 · Itop · Itop

Name of the Vulnerable Software and Affected Versions: iTop versions prior to 3.1.3 and 3.2.1
Description: The issue allows a cross-site scripting attack to be performed when importing malicious CSV content. This can be done by filling malicious code in a CSV content. The estimated number of...

CVSS 6.3 · AI score 5.9 · EPSS 0.00226
Exploits 0 · References 7

RedhatCVE
added 2025/05/13 10:11 p.m. · 17 views

CVE-2025-4546

A vulnerability was found in 1Panel-dev MaxKB up to 1.10.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Knowledge Base Module. The manipulation leads to csv injection. The attack can be launched remotely. The exploit has been...

CVSS 8.8 · AI score 7.7 · EPSS 0.00532
Exploits 1 · References 1

NVD
added 2025/05/11 8:15 p.m. · 21 views

CVE-2025-4546

A vulnerability was found in 1Panel-dev MaxKB up to 1.10.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Knowledge Base Module. The manipulation leads to csv injection. The attack can be launched remotely. The exploit has been...

CVSS 8.8 · EPSS 0.00532
Exploits 1 · References 4

OSV
added 2025/05/11 8:15 p.m. · 4 views

CVE-2025-4546

A vulnerability was found in 1Panel-dev MaxKB up to 1.10.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Knowledge Base Module. The manipulation leads to csv injection. The attack can be launched remotely. The exploit has been...

CVSS 8.8 · AI score 5
Exploits 0 · References 4

Vulnrichment
added 2025/05/11 8:0 p.m. · 5 views

CVE-2025-4546 1Panel-dev MaxKB Knowledge Base Module csv injection

A vulnerability was found in 1Panel-dev MaxKB up to 1.10.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Knowledge Base Module. The manipulation leads to csv injection. The attack can be launched remotely. The exploit has been...

CVSS 5.8 · AI score 5.2 · EPSS 0.00532
Exploits 1 · References 4