Cross-site Scripting (XSS)

Overview tryton-sao is a Tryton webclient Affected versions of this package are vulnerable to Cross-site Scripting XSS via the HTML element used to display the documents. An attacker can execute arbitrary JavaScript code in the context of the user's browser by uploading a crafted HTML file as an...

EUVD-2024-54696

Malicious code in bioql PyPI...

CVE-2024-37743

An issue in mmzdev KnowledgeGPT V.0.0.5 allows a remote attacker to execute arbitrary code via the Document Display Component...

CVE-2024-37743

An issue in mmzdev KnowledgeGPT V.0.0.5 allows a remote attacker to execute arbitrary code via the Document Display Component...

PT-2025-26774 · Mmzdev · Mmzdev Knowledgegpt

Name of the Vulnerable Software and Affected Versions: mmzdev KnowledgeGPT version 0.0.5 Description: An issue in the Document Display Component allows a remote attacker to execute arbitrary code. Recommendations: For mmzdev KnowledgeGPT version 0.0.5, consider disabling the Document Display...

KnowledgeGPT 安全漏洞

KnowledgeGPT is a Sasmitha Individual Developer to provide accurate answers and instant citations for your documents. A security vulnerability exists in KnowledgeGPT version V.0.0.5, which stems from a flaw in the Document Display Component that could lead to remote execution of arbitrary code...

CVE-2024-37743

An issue in mmzdev KnowledgeGPT V.0.0.5 allows a remote attacker to execute arbitrary code via the Document Display Component...

CVE-2024-37743

An issue in mmzdev KnowledgeGPT V.0.0.5 allows a remote attacker to execute arbitrary code via the Document Display Component...

CVE-2024-37743

CVE-2024-37743 affects mmzdev KnowledgeGPT v0.0.5, where the Document Display Component allows a remote attacker to execute arbitrary code. The issue originates in the component handling document rendering, enabling code execution with network access and no user interaction. The CVSS v3.1 base sc...

XWiki Platform's async and display macro allow displaying and interacting with any document in restricted mode

Impact It's possible to display any page you cannot access through the combination of the async and display macro. Steps to reproduce: 1. Enable comments for guests by giving guests comment rights 2. As a guest, create a comment with content asyncdisplay reference="Menu.WebHome" //async 3. Open t...

CVE-2022-3034

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of sending a request to the remote document when receiving an HTML email that specified to load an iframe element from a remote location. However, Thunderbird didn't display the document...

GHSA-7P8H-86P5-WV3P Cross-site scripting

Two kinds of XSS were found: 1. As mentioned in https://github.com/mongo-express/mongo-express/issues/577 when the content of a cell grows larger than supported size, clicking on a row will show full document unescaped, however this needs admin interaction on cell. 2. Data cells identified as med...

SQL Injection Vulnerability in OAID Parameter of Haitian OA System/Documents/OA_DocDisplay_NewWindow.asp Page

Haitian OA network office system is suitable for enterprises and institutions of the general-purpose network office software, the system adopts the leading B / S browser / server mode of operation, so that the network office is not subject to geographical restrictions. A SQL injection vulnerabili...