36 matches found
Cross site scripting
Collabora Online is a collaborative online office suite. A stored cross-site scripting XSS vulnerability was found in Collabora Online prior to versions 22.05.13, 21.11.9.1, and 6.4.27. An attacker could create a document with an XSS payload as a document name. Later, if an administrator opened t...
SUSE CVE-2006-2193
Buffer overflow in the t2pwritepdfstring function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service crash and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character i...
CVE-2022-47417
LogicalDOC Enterprise and Community Edition CE are vulnerable to a stored persistent, or "Type II" cross-site scripting XSS condition in the document file name...
Improper Name Validation in Upload Document Form
Description The name of any uploaded document can be manipulated using the destination parameter, to include new line characters in its name, breaking the execution of JS code in "New Documents" section from "Miscellaneous" menu, that will be blank until the document is removed from DB. Proof of...
CVE-2021-35343
Cross-Site Request Forgery CSRF vulnerability in the /op/op.Ajax.php in SeedDMS v5.1.x5.1.23 and v6.0.x6.0.16 allows a remote attacker to edit document name without victim's knowledge, by enticing an authenticated user to visit an attacker's web page...
CVE-2021-35343
Cross-Site Request Forgery CSRF vulnerability in the /op/op.Ajax.php in SeedDMS v5.1.x5.1.23 and v6.0.x6.0.16 allows a remote attacker to edit document name without victim's knowledge, by enticing an authenticated user to visit an attacker's web page...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in the /op/op.Ajax.php in SeedDMS v5.1.x5.1.23 and v6.0.x6.0.16 allows a remote attacker to edit document name without victim's knowledge, by enticing an authenticated user to visit an attacker's web page...
CVE-2021-35343
Cross-Site Request Forgery CSRF vulnerability in the /op/op.Ajax.php in SeedDMS v5.1.x5.1.23 and v6.0.x6.0.16 allows a remote attacker to edit document name without victim's knowledge, by enticing an authenticated user to visit an attacker's web page...
SeedDMS 跨站请求伪造漏洞
SeedDMS formerly known as LetoDMS and MyDMS is a set of open source document management system based on PHP and MySql . The system is primarily used for storing and sharing documents. A security vulnerability exists in SeedDMS versions 5.1.x through 5.1.23 and 6.0.x through 6.0.16, which originat...
CVE-2021-37596
Telegram Web K Alpha 0.6.1 allows XSS via a document name...
Cross site scripting
Telegram Web K Alpha 0.6.1 allows XSS via a document name...
CVE-2021-37596
CVE-2021-37596 affects Telegram Web K Alpha 0.6.1. A cross-site scripting vulnerability arises because the application allows XSS to pass through document names, with potential for client-side code execution. Connected sources corroborate the issue; however, no remediation steps or patch versions...
CVE-2021-37596
Telegram Web K Alpha 0.6.1 allows XSS via a document name...
PT-2020-10446 · Wso2 · Wso2 Api Manager
Name of the Vulnerable Software and Affected Versions: WSO2 API Manager version 2.6.0 Description: A reflected XSS attack could be performed in the inline API documentation editor page of the API Publisher by sending an HTTP GET request with a harmful docName request parameter. Recommendations: F...
CVE-2010-4677
emWEB on Cisco Adaptive Security Appliances ASA 5500 series devices with software before 8.23 allows remote attackers to cause a denial of service daemon crash via a request for a document whose name contains space characters, aka Bug ID CSCsy08416...
tiff2pdf buffer overflow
Buffer overflow in the t2pwritepdfstring function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service crash and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character i...