3 matches found
PT-2023-33002 · Ez Systems +1 · Ezpublish-Kernel +2
Name of the Vulnerable Software and Affected Versions: Ibexa DXP and eZ Platform affected versions not specified ezsystems/ezpublish-kernel affected versions not specified Description: The issue allows specifying the name of the downloaded file in the route used for file downloads, which could le...
CVE-2020-15651
A unicode RTL order character in the downloaded file name can be used to change the file's name during the download UI flow to change the file extension. This vulnerability affects Firefox for iOS 28...
lftp file overwrite
Downloaded file name in lftpget may be set by server without user confirmation...