23 matches found
CVE-2026-34528
CVE-2026-34528 (File Browser): The signup flow copies default permissions, including Execute and Commands, then only Admin is stripped. If signup=true, EnableExec=true, and Defaults include Execute=true and Commands (e.g., ["bash"]), an unauthenticated user can self-register and inherit shell ex...
CVE-2026-34528
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the signupHandler in File Browser applies default user permissions via d.settings.Defaults.Applyuser, then strips only Admin. The Execu...
Incorrect Privilege Assignment
Overview: Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the signupHandler in File Browser. An attacker can gain unauthorized command execution capabilities by self-registering when server-side execution is enabled and the default user template includes...
CVE-2025-61229
An issue in Shirt Pocket's SuperDuper! 3.10 and earlier allows a local attacker to modify the default task template to execute an arbitrary preflight script with root privileges and Full Disk Access, thus bypassing macOS privacy controls...
GHSA-PP7V-WXX9-HM6R Thelia BackOffice default template vulnerable to Cross-site Scripting
The BackOffice of Thelia error.html template has a cross-site scripting vulnerability in version 2.1.0 and 2.1.1 but not version 2.0.X. Version 2.1.2 contains a patch for the issue...
CVE-2023-7067
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution formerly WooLentor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woolentortemplatestore' function in all versions up to, and...
FreeBSD : py-django-photologue -- XSS vulnerability (c2c89dea-2859-4231-8f3b-012be0d475ff)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c2c89dea-2859-4231-8f3b-012be0d475ff advisory. - A vulnerability was found in django-photologue up to 3.15.1 and classified as problematic. Affected b...
GHSA-287Q-JFCP-9VHV django-photologue vulnerable to Cross-site Scripting
A vulnerability was found in django-photologue up to 3.15.1 and classified as problematic. Affected by this issue is some unknown functionality of the file photologue/templates/photologue/photo_detail.html of the component Default Template Handler. The manipulation of the argument object.caption...
django-photologue vulnerable to Cross-site Scripting
A vulnerability was found in django-photologue up to 3.15.1 and classified as problematic. Affected by this issue is some unknown functionality of the file photologue/templates/photologue/photo_detail.html of the component Default Template Handler. The manipulation of the argument object.caption...
PYSEC-2022-43061
A vulnerability was found in django-photologue up to 3.15.1 and classified as problematic. Affected by this issue is some unknown functionality of the file photologue/templates/photologue/photo_detail.html of the component Default Template Handler. The manipulation of the argument object.caption...
CVE-2022-4526
The CVE-2022-4526 issue affects django-photologue versions up to 3.15.1. Affected code in photologue/templates/photologue/photo_detail.html, within the Default Template Handler, allows manipulation of the caption parameter (object.caption) to trigger cross-site scripting (XSS). The vulnerability ...
Django-photologue Cross-Site Scripting Vulnerability
Django-photologue is a powerful image management and gallery application for the Django web framework by Richard Barran, an individual developer. A security vulnerability exists in Django-photologue versions prior to 3.15.1, which stems from some unknown functionality in the Default Template...
CVE-2022-4526 django-photologue Default Template photo_detail.html cross site scripting
A vulnerability was found in django-photologue up to 3.15.1 and classified as problematic. Affected by this issue is some unknown functionality of the file photologue/templates/photologue/photo_detail.html of the component Default Template Handler. The manipulation of the argument object.caption...
MISP Cross-Site Scripting Vulnerability (CNVD-2019-12145)
MISP is an open source software solution. The product is used to collect, store, distribute and share cybersecurity metrics, and features threat and cybersecurity event analysis and malware analysis. A cross-site scripting vulnerability exists in the default distribution template in the...
CVE-2018-19195
An issue was discovered in XiaoCms 20141229. There is XSS related to the template\default\showproduct.html file...
LazyMap - Automate NMAP Scans and Generate Custom Nessus Policies Automatically
Automate NMAP scans and custom Nessus policies. Installing: git clone https://github.com/commonexploits/port-scan-automation.git How To Use: ./lazymap.sh Features: Discovers live devices; Auto launches port scans on only the discovered live devices; Can run multiple instances on multiple adaptors at onc...
Huge-IT Slideshow Cross-Site Scripting Vulnerability
Huge-IT Slideshow is an extension developed by the Huge-IT team for use in Joomla! to attract visitors by improving the style and character of your website. The ./views/slideshow/tmpl/default.php file in Huge-IT Slideshow v1.0.4 is vulnerable to cross-site scripting. The vulnerability can be exploit...
Dtcms default template file has cross-site scripting vulnerability
dtcms is a content management system developed based on c. A cross-site scripting vulnerability exists in the default template file of dtcms version V4.0, due to the absence of strict filtering of image thumbnails and title fields in the default template file. An attacker is allowed to exploit th...