Lucene search
K

130 matches found

CNVD
CNVD
added 2022/05/13 12:0 a.m.23 views

XWiki Cross-Site Scripting Vulnerability (CNVD-2022-72198)

Xwiki is a Wiki platform for creating Web collaboration applications from the French company Xwiki. XWiki version 12.10.2 contains a cross-site scripting vulnerability that could be exploited to launch a cross-site scripting attack against a target via the SVG document upload comment feature...

3.5CVSS2.9AI score0.00735EPSS
Exploits1Affected Software1
Huntr
Huntr
added 2021/08/13 8:39 a.m.7 views

Cross-site Scripting (XSS) - Stored in poowf/invoiceneko

✍️ Description Stored Cross-Site Scripting XSS vulnerability due to the lack of content validation and output encoding. This vulnerability can be exploited by uploading a crafted payload inside a document. Then, the vulnerability can be triggered when the user previews the document´s content...

5AI score
Exploits0References1
CNNVD
CNNVD
added 2021/05/21 12:0 a.m.3 views

Plone 跨站脚本漏洞

Plone is the industry's leading open source CMS system for content management, document management and knowledge management. A stored cross-site scripting vulnerability exists in Plone 5.2.4 and earlier versions. The vulnerability can be exploited by uploading SVG or HTML documents to conduct...

5.4CVSS5.3AI score0.0069EPSS
Exploits0References3
OSV
OSV
added 2021/04/20 4:37 p.m.19 views

GHSA-9W49-M7XH-5R39 Cross-site scripting in papermerge

Multiple cross-site scripting XSS vulnerabilities in Papermerge before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the rename, tag, upload, or create folder function. The payload can be in a folder, a tag, or a document's filename. If email consumption is configured in...

6.1CVSS6.1AI score0.01527EPSS
Exploits0References7
CNVD
CNVD
added 2021/03/10 12:0 a.m.7 views

GLPI Cross-Site Scripting Vulnerability (CNVD-2021-17775)

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...

5.4CVSS6AI score0.00592EPSS
Exploits0References1
NVD
NVD
added 2021/03/03 8:15 p.m.17 views

CVE-2021-21312

GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function Home Management Documents Add, or /front/document.form.php...

5.4CVSS0.00592EPSS
Exploits0References2
OSV
OSV
added 2021/03/03 8:15 p.m.20 views

CVE-2021-21312

GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function Home Management Documents Add, or /front/document.form.php...

4.8CVSS6.8AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2021/03/03 8:15 p.m.40 views

CVE-2021-21312

GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function Home Management Documents Add, or /front/document.form.php...

5.4CVSS6.7AI score0.00592EPSS
Exploits0References3
OSV
OSV
added 2021/03/03 8:15 p.m.6 views

UBUNTU-CVE-2021-21312

GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function Home Management Documents Add, or /front/document.form.php...

5.4CVSS7.1AI score0.00592EPSS
Exploits0References4
Prion
Prion
added 2021/03/03 8:15 p.m.19 views

Design/Logic Flaw

GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function Home Management Documents Add, or /front/document.form.php...

3.5CVSS5AI score0.00592EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/03/03 7:25 p.m.19 views

CVE-2021-21312 Stored XSS on documents

GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function Home Management Documents Add, or /front/document.form.php...

5.4CVSS5.7AI score0.00592EPSS
Exploits0References2
CVE
CVE
added 2021/03/03 7:25 p.m.57 views

CVE-2021-21312

GLPI prior to 9.5.4 is affected by an XSS via the document upload Web Link field; unsanitized input can store JavaScript in the DB and execute when the link is opened. The vulnerability requires document-upload rights and results in popup execution or similar impact. Remediation: upgrade to GLPI ...

5.4CVSS5.4AI score0.00592EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2021/03/03 12:0 a.m.7 views

PT-2021-14410 · Glpi +1 · Glpi +1

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.4 Description: The issue concerns a vulnerability within the document upload function, specifically the "Web Link" form field, which is not properly sanitized. This allows a malicious user with document upload right...

10CVSS6.2AI score0.99628EPSS
Exploits32References129
CNNVD
CNNVD
added 2021/03/03 12:0 a.m.5 views

GLPI 跨站脚本漏洞

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...

5.4CVSS5.2AI score0.00592EPSS
Exploits0References3
CNVD
CNVD
added 2020/07/29 12:0 a.m.1 views

File Upload Vulnerability in Seven Bears Library System v3.4

Seven bears is similar to Baidu library, can realize the document sharing, selling library CMS system. After the user uploads the source document, seven bears will automatically transcode the document into HTML, after the success of the document HTML back to the library CMS. to realize...

7AI score
Exploits0
NVD
NVD
added 2020/03/19 11:15 p.m.14 views

CVE-2020-10669

The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to authentication bypass on the page /home.jsp. An unauthenticated attacker able to connect to the device's web interface can get a copy of the documents uploaded by any users. NOTE: this is fixed in the late...

7.5CVSS7.7AI score0.03463EPSS
Exploits2References3
CVE
CVE
added 2020/03/02 7:45 p.m.46 views

CVE-2018-19599

Monstra CMS 1.6 is affected by an XSS vulnerability triggered by uploading an SVG file to the admin/filesmanager uploads path (admin/index.php?id=filesmanager&path=uploads/). Root cause is improper handling/sanitization of SVG content, enabling stored or reflected XSS within the admin UI. The ava...

5.4CVSS5.2AI score0.00728EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2020/03/02 7:15 p.m.17 views

Design/Logic Flaw

Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 rb65251d6-b368 has XSS via an uploaded document, when the attacker has write access to a project...

3.5CVSS5.2AI score0.02621EPSS
Exploits5References3Affected Software1
Cvelist
Cvelist
added 2020/03/02 6:30 p.m.20 views

CVE-2020-8778

Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 rb65251d6-b368 has XSS via an uploaded document, when the attacker has write access to a project...

5.2AI score0.02621EPSS
Exploits5References3
Prion
Prion
added 2019/05/14 3:29 p.m.11 views

Code injection

An issue was discovered in WSO2 API Manager 2.6.0. Uploaded documents for API documentation are available to an unauthenticated user...

5CVSS5.4AI score0.0154EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder