Lucene search
K

6 matches found

OSV
OSV
added 2025/10/30 3:2 p.m.4 views

GO-2025-4045 Mattermost Server vulnerable to Cross-site Scripting through file preview feature in github.com/mattermost/mattermost-server

Mattermost Server vulnerable to Cross-site Scripting through file preview feature in github.com/mattermost/mattermost-server...

6.1CVSS6.7AI score0.00685EPSS
Exploits0References5
NVD
NVD
added 2025/06/19 3:15 a.m.24 views

CVE-2025-50183

OpenList Frontend is a UI component for OpenList. Prior to version 4.0.0-rc.4, a vulnerability exists in the file preview/browsing feature of the application, where files with a .py extension that contain JavaScript code wrapped in tags may be interpreted and executed as HTML in certain modes. Th...

6.5CVSS0.00277EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/19 2:20 a.m.4 views

CVE-2025-50183 OpenList (frontend) allows XSS Attacks in the built-in Markdown Viewer

OpenList Frontend is a UI component for OpenList. Prior to version 4.0.0-rc.4, a vulnerability exists in the file preview/browsing feature of the application, where files with a .py extension that contain JavaScript code wrapped in tags may be interpreted and executed as HTML in certain modes. Th...

6.5CVSS6.2AI score0.00277EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/19 12:0 a.m.1 views

OpenList Frontend 跨站脚本漏洞

OpenList Frontend is an OpenList Team open source application that protects open source projects from trust-based attacks. A cross-site scripting vulnerability exists in OpenList Frontend versions prior to 4.0.0-rc.4, which stems from a .py file in the file preview feature that may be interpreted...

6.5CVSS5.7AI score0.00277EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/06/18 2:41 p.m.8 views

OpenList (frontend) allows XSS Attacks in the built-in Markdown Viewer

XSS via .py file containing script tag interpreted as HTML Summary A vulnerability exists in the file preview/browsing feature of the application, where files with a .py extension that contain JavaScript code wrapped in tags may be interpreted and executed as HTML in certain modes. This leads to ...

6.5CVSS5.7AI score0.00277EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/24 12:0 a.m.4 views

PT-2024-26565 · Unknown · Raingad Im

Name of the Vulnerable Software and Affected Versions: Raingad IM version 4.1.4 Description: The issue is related to an arbitrary file upload vulnerability in the File preview function, allowing attackers to execute arbitrary code by uploading a crafted PDF file. Recommendations: For Raingad IM...

5.5CVSS8.1AI score0.00219EPSS
Exploits0References5
Rows per page
Query Builder