7 matches found
EUVD-2023-29712
Malicious code in bioql PyPI...
EUVD-2022-33569
Malicious code in bioql PyPI...
CVE-2022-24888
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \n, \r, \t, and \v characters. The server rejects files and folders...
Cross site scripting
copyparty is file server software. Prior to version 1.8.7, the application contains a reflected cross-site scripting vulnerability via the URL parameters ?k304=... and ?setck=.... The worst-case outcome of this is being able to move or delete existing files on the server, or upload new files, using the account of t...
CVE-2023-38501
Copyparty (portable file server) is affected by CVE-2023-38501 via a reflected XSS in the web interface, exploitable through URL parameters ?k304=... and ?setck=... in versions prior to 1.8.7. The vulnerability allows an attacker to execute arbitrary JavaScript by enticing a user to click a craft...
CVE-2023-38501 copyparty vulnerable to reflected cross-site scripting via k304 parameter
copyparty is file server software. Prior to version 1.8.7, the application contains a reflected cross-site scripting vulnerability via the URL parameters ?k304=... and ?setck=.... The worst-case outcome of this is being able to move or delete existing files on the server, or upload new files, using the account of t...
CVE-2022-24888 Possible Injection in Nextcloud Server
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \n, \r, \t, and \v characters. The server rejects files and folders...