Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

Github Security Blog
Github Security Blogadded 2024/02/20 11:42 p.m.39 views

Cross-site scripting (XSS) in the dynamic file uploads

Impact The dynamic file upload feature is subject to potential XSS attach in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to chang...

6.3CVSS5.9AI score0.00487EPSS
Exploits0References8Affected Software2
Snyk
Snykadded 2024/02/20 6:45 p.m.1 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the dynamic file upload feature. An attacker can modify the file names of the records being uploaded to the server, which could lead to the execution of malicious scripts. This vulnerability is present in...

6.3CVSS6.4AI score0.00487EPSS
Exploits0References2
Snyk
Snykadded 2024/02/20 6:45 p.m.1 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the dynamic file upload feature. An attacker can modify the file names of the records being uploaded to the server, which could lead to the execution of malicious scripts. This vulnerability is present in...

6.3CVSS6.3AI score0.00487EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2024/02/20 5:29 p.m.6 views

CVE-2023-51447 Decidim vulnerable to cross-site scripting (XSS) in the dynamic file uploads

Decidim is a participatory democracy framework. Starting in version 0.27.0 and prior to versions 0.27.5 and 0.28.0, the dynamic file upload feature is subject to potential cross-site scripting attacks in case the attacker manages to modify the file names of the records being uploaded to the serve...

6.3CVSS5.8AI score0.00487EPSS
Exploits0References6
Cvelist
Cvelistadded 2024/02/20 5:29 p.m.33 views

CVE-2023-51447 Decidim vulnerable to cross-site scripting (XSS) in the dynamic file uploads

Decidim is a participatory democracy framework. Starting in version 0.27.0 and prior to versions 0.27.5 and 0.28.0, the dynamic file upload feature is subject to potential cross-site scripting attacks in case the attacker manages to modify the file names of the records being uploaded to the serve...

6.3CVSS6.2AI score0.00487EPSS
Exploits0References6
RubySec
RubySecadded 2024/02/20 12:0 a.m.14 views

Cross-site scripting (XSS) in the dynamic file uploads

Impact The dynamic file upload feature is subject to potential XSS attach in case the attacker manages to modify the file names of the records being uploaded to the server. This appears in sections where the user controls the file upload dialogs themselves and has the technical knowledge to chang...

6.3CVSS6AI score0.00487EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder