130 matches found
XWiki Cross-Site Scripting Vulnerability (CNVD-2022-72198)
Xwiki is a Wiki platform for creating Web collaboration applications from the French company Xwiki. XWiki version 12.10.2 contains a cross-site scripting vulnerability that could be exploited to launch a cross-site scripting attack against a target via the SVG document upload comment feature...
Cross-site Scripting (XSS) - Stored in poowf/invoiceneko
✍️ Description Stored Cross-Site Scripting XSS vulnerability due to the lack of content validation and output encoding. This vulnerability can be exploited by uploading a crafted payload inside a document. Then, the vulnerability can be triggered when the user previews the document´s content...
Plone 跨站脚本漏洞
Plone is the industry's leading open source CMS system for content management, document management and knowledge management. A stored cross-site scripting vulnerability exists in Plone 5.2.4 and earlier versions. The vulnerability can be exploited by uploading SVG or HTML documents to conduct...
GHSA-9W49-M7XH-5R39 Cross-site scripting in papermerge
Multiple cross-site scripting XSS vulnerabilities in Papermerge before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the rename, tag, upload, or create folder function. The payload can be in a folder, a tag, or a document's filename. If email consumption is configured in...
GLPI Cross-Site Scripting Vulnerability (CNVD-2021-17775)
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...
CVE-2021-21312
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function Home Management Documents Add, or /front/document.form.php...
CVE-2021-21312
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function Home Management Documents Add, or /front/document.form.php...
CVE-2021-21312
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function Home Management Documents Add, or /front/document.form.php...
UBUNTU-CVE-2021-21312
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function Home Management Documents Add, or /front/document.form.php...
Design/Logic Flaw
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function Home Management Documents Add, or /front/document.form.php...
CVE-2021-21312 Stored XSS on documents
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function Home Management Documents Add, or /front/document.form.php...
CVE-2021-21312
GLPI prior to 9.5.4 is affected by an XSS via the document upload Web Link field; unsanitized input can store JavaScript in the DB and execute when the link is opened. The vulnerability requires document-upload rights and results in popup execution or similar impact. Remediation: upgrade to GLPI ...
PT-2021-14410 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.4 Description: The issue concerns a vulnerability within the document upload function, specifically the "Web Link" form field, which is not properly sanitized. This allows a malicious user with document upload right...
GLPI 跨站脚本漏洞
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...
File Upload Vulnerability in Seven Bears Library System v3.4
Seven bears is similar to Baidu library, can realize the document sharing, selling library CMS system. After the user uploads the source document, seven bears will automatically transcode the document into HTML, after the success of the document HTML back to the library CMS. to realize...
CVE-2020-10669
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to authentication bypass on the page /home.jsp. An unauthenticated attacker able to connect to the device's web interface can get a copy of the documents uploaded by any users. NOTE: this is fixed in the late...
CVE-2018-19599
Monstra CMS 1.6 is affected by an XSS vulnerability triggered by uploading an SVG file to the admin/filesmanager uploads path (admin/index.php?id=filesmanager&path=uploads/). Root cause is improper handling/sanitization of SVG content, enabling stored or reflected XSS within the admin UI. The ava...
Design/Logic Flaw
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 rb65251d6-b368 has XSS via an uploaded document, when the attacker has write access to a project...
CVE-2020-8778
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 rb65251d6-b368 has XSS via an uploaded document, when the attacker has write access to a project...
Code injection
An issue was discovered in WSO2 API Manager 2.6.0. Uploaded documents for API documentation are available to an unauthenticated user...