Lucene search
K

4 matches found

OSV
OSV
added 2023/09/21 5:16 p.m.24 views

GHSA-HC5C-R8M5-2GFH plone.restapi vulnerable to Stored Cross Site Scripting with SVG image in user portrait

Impact There is a stored cross site scripting vulnerability for SVG images uploaded in user portraits. Note that a page that uses an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first ne...

3.7CVSS4.8AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/09/21 5:16 p.m.32 views

plone.restapi vulnerable to Stored Cross Site Scripting with SVG image in user portrait

Impact There is a stored cross site scripting vulnerability for SVG images uploaded in user portraits. Note that a page that uses an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first ne...

5.4CVSS6.3AI score0.00599EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2023/09/21 4:34 p.m.80 views

CVE-2023-42458

CVE-2023-42458 affects the Zope web application server. A stored cross-site scripting (XSS) vulnerability exists for SVG images in versions prior to 4.8.10 and 5.8.5. An attacker would need to upload an image and lure a user to click a crafted link to trigger the vulnerability; however, an image ...

5.4CVSS4.4AI score0.00599EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/21 4:34 p.m.16 views

CVE-2023-42458 Zope vulnerable to Stored Cross Site Scripting with SVG images

Zope is an open-source web application server. Prior to versions 4.8.10 and 5.8.5, there is a stored cross site scripting vulnerability for SVG images. Note that an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To exploit the...

3.7CVSS5.8AI score0.00599EPSS
Exploits1References4
Rows per page
Query Builder