130 matches found
CVE-2025-5877
The CVE-2025-5877 is a confirmed issue in Fengoffice Feng Office 3.2.2.1. It affects unknown functionality in /application/models/ApplicationDataObject.class.php within the Document Upload Handler, enabling an XML external entity reference. The vulnerability can be exploited remotely, and the exp...
PT-2025-24433 · Unknown · Feng Office
Name of the Vulnerable Software and Affected Versions: Fengoffice Feng Office version 3.2.2.1 Description: A problematic issue has been found in the Document Upload Handler component, specifically affecting some unknown functionality of the file /application/models/ApplicationDataObject.class.php...
CVE-2023-28837
Wagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2.2, a memory exhaustion bug exists in Wagtail's handling of uploaded images and documents. For both images and documents, files are loaded into memory during upload for additional processing. A use...
CVE-2022-43996
The csafprovider package before 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html. The endpoint upload allows valid CSAF advisories JSON format to be uploaded with Content-Type text/html and filenames ending in .html. When subsequently accessed via web browser, these advisories a...
CVE-2020-8778
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 rb65251d6-b368 has XSS via an uploaded document, when the attacker has write access to a project...
CVE-2012-3572
Open Source Competency Center OSCC MyMeeting 3.0.1 and earlier, and MyMesyuarat 09b-1, does not properly verify uploaded documents, which allows remote authenticated users to execute arbitrary PHP code via a crafted document...
CVE-2025-4533 JeecgBoot Document Library Upload zip unzipFile resource consumption
A vulnerability classified as problematic was found in JeecgBoot up to 3.8.0. This vulnerability affects the function unzipFile of the file /jeecg-boot/airag/knowledge/doc/import/zip of the component Document Library Upload. The manipulation of the argument File leads to resource consumption. The...
CVE-2025-45388
Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site Scripting XSS in the document upload functionality. Attackers can inject malicious code inside a PDF file. When a user clicks the document in the CMS interface, the payload executes. NOTE: this is disputed by the Supplier because "It has been...
CVE-2025-45388
Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site Scripting XSS in the document upload functionality. Attackers can inject malicious code inside a PDF file. When a user clicks the document in the CMS interface, the payload executes. NOTE: this is disputed by the Supplier because "It has been...
CVE-2025-45388
Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site Scripting XSS in the document upload functionality. Attackers can inject malicious code inside a PDF file. When a user clicks the document in the CMS interface, the payload executes. NOTE: this is disputed by the Supplier because "It has been...
CVE-2025-45388
CVE-2025-45388 (Wagtail CMS 6.4.1) : A Stored Cross-Site Scripting (XSS) flaw exists in the document upload feature. Attackers can embed malicious payloads in a PDF; when a user clicks the uploaded document in the CMS interface, the payload can execute. The supplier disputes exploitability, notin...
PT-2025-20295 · Unknown · Wagtail Cms
Name of the Vulnerable Software and Affected Versions: Wagtail CMS version 6.4.1 Description: The issue is related to a Stored Cross-Site Scripting XSS in the document upload functionality. Attackers can inject malicious code inside a PDF file. When a user clicks the document in the CMS interface...
Wagtail CMS 安全漏洞
Wagtail CMS is a content management system from Wagtail Open Source. A security vulnerability exists in Wagtail CMS version 6.4.1, which stems from a stored cross-site scripting attack due to the document upload feature...
CVE-2025-45388
Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site Scripting XSS in the document upload functionality. Attackers can inject malicious code inside a PDF file. When a user clicks the document in the CMS interface, the payload executes. NOTE: this is disputed by the Supplier because "It has been...
CVE-2025-45388
Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site Scripting XSS in the document upload functionality. Attackers can inject malicious code inside a PDF file. When a user clicks the document in the CMS interface, the payload executes. NOTE: this is disputed by the Supplier because "It has been...
Celk Sistemas Celk Saude 跨站脚本漏洞
Celk Sistemas Celk Saude is a health sector management software from Celk Sistemas, Brazil. A cross-site scripting vulnerability exists in Celk Sistemas Celk Saude version v.3.1.252.1, which originates from stored cross-site scripting and could lead to a remote attacker storing JavaScript code in...
PT-2024-36510 · Unknown · Piranha Cms
Name of the Vulnerable Software and Affected Versions: Piranha CMS version 11.1 Description: A file upload functionality in Piranha CMS allows authenticated remote attackers to upload a crafted PDF file to "/manager/media". This PDF can contain malicious JavaScript code, which is executed when a...
CVE-2024-55239
A reflected Cross-Site Scripting vulnerability in the standard documentation upload functionality in Portabilis i-Educar 2.9 allows attacker to craft malicious urls with arbitrary javascript in the 'titulodocumento' parameter...
PT-2024-35440
Name of the Vulnerable Software and Affected Versions libre-chat version 0.0.6 Description The issue allows attackers to execute a path traversal via supplying a crafted filename in an uploaded file, specifically in the upload documents method. Recommendations For libre-chat version 0.0.6, consid...
XSS through document upload
This report is not public...