Lucene search
K

130 matches found

CVE
CVE
added 2025/06/09 12:31 p.m.56 views

CVE-2025-5877

The CVE-2025-5877 is a confirmed issue in Fengoffice Feng Office 3.2.2.1. It affects unknown functionality in /application/models/ApplicationDataObject.class.php within the Document Upload Handler, enabling an XML external entity reference. The vulnerability can be exploited remotely, and the exp...

8.1CVSS6.4AI score0.0035EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2025/06/09 12:0 a.m.5 views

PT-2025-24433 · Unknown · Feng Office

Name of the Vulnerable Software and Affected Versions: Fengoffice Feng Office version 3.2.2.1 Description: A problematic issue has been found in the Document Upload Handler component, specifically affecting some unknown functionality of the file /application/models/ApplicationDataObject.class.php...

8.1CVSS6.2AI score0.0035EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2025/05/23 6:2 a.m.1 views

CVE-2023-28837

Wagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2.2, a memory exhaustion bug exists in Wagtail's handling of uploaded images and documents. For both images and documents, files are loaded into memory during upload for additional processing. A use...

4.9CVSS6.7AI score0.0107EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:2 a.m.5 views

CVE-2022-43996

The csafprovider package before 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html. The endpoint upload allows valid CSAF advisories JSON format to be uploaded with Content-Type text/html and filenames ending in .html. When subsequently accessed via web browser, these advisories a...

5.4CVSS5.7AI score0.00454EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:11 p.m.8 views

CVE-2020-8778

Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 rb65251d6-b368 has XSS via an uploaded document, when the attacker has write access to a project...

5.4CVSS5.8AI score0.02621EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:5 a.m.7 views

CVE-2012-3572

Open Source Competency Center OSCC MyMeeting 3.0.1 and earlier, and MyMesyuarat 09b-1, does not properly verify uploaded documents, which allows remote authenticated users to execute arbitrary PHP code via a crafted document...

6CVSS7.6AI score0.00945EPSS
Exploits0References1
OSV
OSV
added 2025/05/11 6:31 a.m.6 views

CVE-2025-4533 JeecgBoot Document Library Upload zip unzipFile resource consumption

A vulnerability classified as problematic was found in JeecgBoot up to 3.8.0. This vulnerability affects the function unzipFile of the file /jeecg-boot/airag/knowledge/doc/import/zip of the component Document Library Upload. The manipulation of the argument File leads to resource consumption. The...

5.1CVSS4.9AI score0.00589EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2025/05/09 12:28 a.m.10 views

CVE-2025-45388

Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site Scripting XSS in the document upload functionality. Attackers can inject malicious code inside a PDF file. When a user clicks the document in the CMS interface, the payload executes. NOTE: this is disputed by the Supplier because "It has been...

6.1CVSS5.9AI score0.00263EPSS
Exploits0References1
NVD
NVD
added 2025/05/07 7:16 p.m.15 views

CVE-2025-45388

Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site Scripting XSS in the document upload functionality. Attackers can inject malicious code inside a PDF file. When a user clicks the document in the CMS interface, the payload executes. NOTE: this is disputed by the Supplier because "It has been...

6.1CVSS0.00263EPSS
Exploits0References5
OSV
OSV
added 2025/05/07 7:16 p.m.9 views

CVE-2025-45388

Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site Scripting XSS in the document upload functionality. Attackers can inject malicious code inside a PDF file. When a user clicks the document in the CMS interface, the payload executes. NOTE: this is disputed by the Supplier because "It has been...

6.1CVSS5.8AI score0.00263EPSS
Exploits0References5
CVE
CVE
added 2025/05/07 12:0 a.m.53 views

CVE-2025-45388

CVE-2025-45388 (Wagtail CMS 6.4.1) : A Stored Cross-Site Scripting (XSS) flaw exists in the document upload feature. Attackers can embed malicious payloads in a PDF; when a user clicks the uploaded document in the CMS interface, the payload can execute. The supplier disputes exploitability, notin...

6.1CVSS6AI score0.00263EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/05/07 12:0 a.m.10 views

PT-2025-20295 · Unknown · Wagtail Cms

Name of the Vulnerable Software and Affected Versions: Wagtail CMS version 6.4.1 Description: The issue is related to a Stored Cross-Site Scripting XSS in the document upload functionality. Attackers can inject malicious code inside a PDF file. When a user clicks the document in the CMS interface...

6.1CVSS5.6AI score0.00263EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/05/07 12:0 a.m.4 views

Wagtail CMS 安全漏洞

Wagtail CMS is a content management system from Wagtail Open Source. A security vulnerability exists in Wagtail CMS version 6.4.1, which stems from a stored cross-site scripting attack due to the document upload feature...

6.1CVSS6.1AI score0.00263EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/05/07 12:0 a.m.5 views

CVE-2025-45388

Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site Scripting XSS in the document upload functionality. Attackers can inject malicious code inside a PDF file. When a user clicks the document in the CMS interface, the payload executes. NOTE: this is disputed by the Supplier because "It has been...

6AI score0.00263EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/05/07 12:0 a.m.12 views

CVE-2025-45388

Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site Scripting XSS in the document upload functionality. Attackers can inject malicious code inside a PDF file. When a user clicks the document in the CMS interface, the payload executes. NOTE: this is disputed by the Supplier because "It has been...

0.00263EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/03/10 12:0 a.m.3 views

Celk Sistemas Celk Saude 跨站脚本漏洞

Celk Sistemas Celk Saude is a health sector management software from Celk Sistemas, Brazil. A cross-site scripting vulnerability exists in Celk Sistemas Celk Saude version v.3.1.252.1, which originates from stored cross-site scripting and could lead to a remote attacker storing JavaScript code in...

5.4CVSS6.2AI score0.00284EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/12/20 12:0 a.m.5 views

PT-2024-36510 · Unknown · Piranha Cms

Name of the Vulnerable Software and Affected Versions: Piranha CMS version 11.1 Description: A file upload functionality in Piranha CMS allows authenticated remote attackers to upload a crafted PDF file to "/manager/media". This PDF can contain malicious JavaScript code, which is executed when a...

4.7CVSS5.9AI score0.00484EPSS
Exploits1References9
Vulnrichment
Vulnrichment
added 2024/12/18 12:0 a.m.17 views

CVE-2024-55239

A reflected Cross-Site Scripting vulnerability in the standard documentation upload functionality in Portabilis i-Educar 2.9 allows attacker to craft malicious urls with arbitrary javascript in the 'titulodocumento' parameter...

5.4AI score0.00302EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/11/25 12:0 a.m.6 views

PT-2024-35440

Name of the Vulnerable Software and Affected Versions libre-chat version 0.0.6 Description The issue allows attackers to execute a path traversal via supplying a crafted filename in an uploaded file, specifically in the upload documents method. Recommendations For libre-chat version 0.0.6, consid...

9.1CVSS6AI score0.00762EPSS
Exploits0References12
Huntr
Huntr
added 2024/10/18 8:7 p.m.5 views

XSS through document upload

This report is not public...

5.4CVSS7.1AI score0.00454EPSS
Exploits0
Rows per page
Query Builder