Lucene search
K

36 matches found

Prion
Prion
added 2023/05/31 7:15 p.m.26 views

Cross site scripting

Collabora Online is a collaborative online office suite. A stored cross-site scripting XSS vulnerability was found in Collabora Online prior to versions 22.05.13, 21.11.9.1, and 6.4.27. An attacker could create a document with an XSS payload as a document name. Later, if an administrator opened t...

4.9CVSS5.1AI score0.00403EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 6:15 a.m.4 views

SUSE CVE-2006-2193

Buffer overflow in the t2pwritepdfstring function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service crash and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character i...

7.5CVSS8AI score0.05458EPSS
Exploits1References4
OSV
OSV
added 2023/02/07 10:15 p.m.2 views

CVE-2022-47417

LogicalDOC Enterprise and Community Edition CE are vulnerable to a stored persistent, or "Type II" cross-site scripting XSS condition in the document file name...

5.4CVSS5.7AI score0.00582EPSS
Exploits2References1
Huntr
Huntr
added 2022/10/06 4:37 p.m.16 views

Improper Name Validation in Upload Document Form

Description The name of any uploaded document can be manipulated using the destination parameter, to include new line characters in its name, breaking the execution of JS code in "New Documents" section from "Miscellaneous" menu, that will be blank until the document is removed from DB. Proof of...

5CVSS0.1AI score0.00862EPSS
Exploits1
NVD
NVD
added 2021/08/03 7:15 p.m.17 views

CVE-2021-35343

Cross-Site Request Forgery CSRF vulnerability in the /op/op.Ajax.php in SeedDMS v5.1.x5.1.23 and v6.0.x6.0.16 allows a remote attacker to edit document name without victim's knowledge, by enticing an authenticated user to visit an attacker's web page...

4.3CVSS0.00525EPSS
Exploits0References1
OSV
OSV
added 2021/08/03 7:15 p.m.4 views

CVE-2021-35343

Cross-Site Request Forgery CSRF vulnerability in the /op/op.Ajax.php in SeedDMS v5.1.x5.1.23 and v6.0.x6.0.16 allows a remote attacker to edit document name without victim's knowledge, by enticing an authenticated user to visit an attacker's web page...

4.3CVSS5.8AI score0.00525EPSS
Exploits0References1
Prion
Prion
added 2021/08/03 7:15 p.m.14 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in the /op/op.Ajax.php in SeedDMS v5.1.x5.1.23 and v6.0.x6.0.16 allows a remote attacker to edit document name without victim's knowledge, by enticing an authenticated user to visit an attacker's web page...

4.3CVSS4.7AI score0.00525EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/08/03 6:7 p.m.25 views

CVE-2021-35343

Cross-Site Request Forgery CSRF vulnerability in the /op/op.Ajax.php in SeedDMS v5.1.x5.1.23 and v6.0.x6.0.16 allows a remote attacker to edit document name without victim's knowledge, by enticing an authenticated user to visit an attacker's web page...

5AI score0.00525EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/08/03 12:0 a.m.5 views

SeedDMS 跨站请求伪造漏洞

SeedDMS formerly known as LetoDMS and MyDMS is a set of open source document management system based on PHP and MySql . The system is primarily used for storing and sharing documents. A security vulnerability exists in SeedDMS versions 5.1.x through 5.1.23 and 6.0.x through 6.0.16, which originat...

4.3CVSS5.2AI score0.00525EPSS
Exploits0References2
NVD
NVD
added 2021/07/30 2:15 p.m.21 views

CVE-2021-37596

Telegram Web K Alpha 0.6.1 allows XSS via a document name...

6.1CVSS0.00619EPSS
Exploits0References1
Prion
Prion
added 2021/07/30 2:15 p.m.14 views

Cross site scripting

Telegram Web K Alpha 0.6.1 allows XSS via a document name...

4.3CVSS5.9AI score0.00619EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/07/27 11:45 p.m.69 views

CVE-2021-37596

CVE-2021-37596 affects Telegram Web K Alpha 0.6.1. A cross-site scripting vulnerability arises because the application allows XSS to pass through document names, with potential for client-side code execution. Connected sources corroborate the issue; however, no remediation steps or patch versions...

6.1CVSS5.9AI score0.00619EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/07/27 11:45 p.m.33 views

CVE-2021-37596

Telegram Web K Alpha 0.6.1 allows XSS via a document name...

6.1AI score0.00619EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/01/27 12:0 a.m.5 views

PT-2020-10446 · Wso2 · Wso2 Api Manager

Name of the Vulnerable Software and Affected Versions: WSO2 API Manager version 2.6.0 Description: A reflected XSS attack could be performed in the inline API documentation editor page of the API Publisher by sending an HTTP GET request with a harmful docName request parameter. Recommendations: F...

4.8CVSS3.8AI score0.01079EPSS
Exploits1References6
Cvelist
Cvelist
added 2011/01/07 11:0 a.m.26 views

CVE-2010-4677

emWEB on Cisco Adaptive Security Appliances ASA 5500 series devices with software before 8.23 allows remote attackers to cause a denial of service daemon crash via a request for a document whose name contains space characters, aka Bug ID CSCsy08416...

6.7AI score0.02224EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2008/08/28 10:23 p.m.2 views

tiff2pdf buffer overflow

Buffer overflow in the t2pwritepdfstring function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service crash and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character i...

7.5CVSS7.7AI score0.05458EPSS
Exploits1References4
Rows per page
Query Builder