Lucene search
+L

57 matches found

NVD
NVD
added 2026/07/07 11:16 p.m.7 views

CVE-2026-36163

An HTML injection vulnerability in the file view endpoint of LiquidFiles v4.2.7 allows authenticated attackers to execute arbitrary JavaScript in the context of the victim's browser via the uploading of and user interaction with a crafted HTML file...

5.4CVSS0.00141EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.8 views

PT-2026-56277

Name of the Vulnerable Software and Affected Versions LiquidFiles version 4.2.7 Description An HTML injection issue exists in the file view endpoint. This allows authenticated attackers to execute arbitrary JavaScript within the victim's browser by uploading a specially crafted HTML file and...

5.4CVSS6.3AI score0.00141EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/07 12:0 a.m.25 views

CVE-2026-36163

An HTML injection vulnerability in the file view endpoint of LiquidFiles v4.2.7 allows authenticated attackers to execute arbitrary JavaScript in the context of the victim's browser via the uploading of and user interaction with a crafted HTML file...

0.00141EPSS
Exploits0References2
CVE
CVE
added 2026/07/07 12:0 a.m.16 views

CVE-2026-36163

CVE-2026-36163 describes an HTML injection vulnerability in the file view endpoint of LiquidFiles v4.2.7. Authenticated attackers can upload and interact with a crafted HTML file to trigger arbitrary JavaScript execution in the victim’s browser. The affected component is the file view handling pa...

5.4CVSS6.2AI score0.00141EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 6:32 p.m.7 views

EUVD-2026-38800

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the File View breadcrumb renderer...

4.6CVSS5.9AI score0.00256EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 4:16 p.m.14 views

CVE-2026-50704

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the File View breadcrumb renderer...

4.6CVSS0.00256EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 2:46 p.m.5 views

CVE-2026-50704

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the File View breadcrumb renderer...

4.6CVSS5.9AI score0.00256EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 2:46 p.m.34 views

CVE-2026-50704 Frappe Framework 17.0.0-dev - Reflected/Stored XSS in File View breadcrumbs rendering

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the File View breadcrumb renderer...

4.6CVSS0.00256EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 2:46 p.m.15 views

CVE-2026-50704

CVE-2026-50704 affects Frappe Framework 17.0.0-dev. The issue is a Stored XSS caused by improper neutralization of user-controlled input in the File View breadcrumb renderer. The vulnerability could allow an attacker to inject scripts via breadcrumbs, with the potential impact limited to the affe...

4.6CVSS5.9AI score0.00256EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.16 views

PT-2026-51829

Name of the Vulnerable Software and Affected Versions Frappe Framework version 17.0.0-dev Description A Stored Cross-Site Scripting XSS issue occurs due to improper neutralization of user-controlled input within the File View breadcrumb renderer. Stored XSS is a type of vulnerability where a...

4.6CVSS6AI score0.00256EPSS
Exploits0References6
NVD
NVD
added 2026/06/04 4:16 p.m.17 views

CVE-2026-43984

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose logjserrors to any authenticated user, including guest users when guest access is enabled. The endpoint writes attacker-controlled strings directly into the main application log. The...

8.9CVSS0.00207EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.15 views

PT-2026-45040

Summary modules/documents-files.php mode file rename save shares the same root-cause shape as the cross-folder move bug 05-documents-cross-folder-move-idor.md: the top-level rights check at lines 79-89 validates hasUploadRight on the URL parameter folder uuid, but the rename operation acts on fil...

6.5CVSS5.8AI score0.00029EPSS
Exploits0References3
NVD
NVD
added 2026/01/22 12:15 a.m.14 views

CVE-2026-23887

Group-Office is an enterprise customer relationship management and groupware tool. In versions 6.8.148 and below, and 25.0.1 through 25.0.79, the application stores unsanitized filenames in the database, which can lead to Stored Cross-Site Scripting XSS. Users who interact with these specially...

5.4CVSS0.00246EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/21 11:39 p.m.3 views

CVE-2026-23887 Group-Office has stored XSS vulnerability via unsanitized filenames

Group-Office is an enterprise customer relationship management and groupware tool. In versions 6.8.148 and below, and 25.0.1 through 25.0.79, the application stores unsanitized filenames in the database, which can lead to Stored Cross-Site Scripting XSS. Users who interact with these specially...

5.1CVSS5.5AI score0.00246EPSS
Exploits1References3
EUVD
EUVD
added 2026/01/21 11:39 p.m.4 views

EUVD-2026-4201

Group-Office is an enterprise customer relationship management and groupware tool. In versions 6.8.148 and below, and 25.0.1 through 25.0.79, the application stores unsanitized filenames in the database, which can lead to Stored Cross-Site Scripting XSS. Users who interact with these specially...

5.1CVSS5.5AI score0.00246EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.11 views

PT-2026-3883

Group-Office is an enterprise customer relationship management and groupware tool. In versions 6.8.148 and below, and 25.0.1 through 25.0.79, the application stores unsanitized filenames in the database, which can lead to Stored Cross-Site Scripting XSS. Users who interact with these specially...

5.1CVSS5.5AI score0.00246EPSS
Exploits1References4
NVD
NVD
added 2025/11/24 4:15 p.m.5 views

CVE-2025-60915

An issue in the size query parameter /views/file.py of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute a path traversal via a crafted request...

8.1CVSS0.00387EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/24 12:0 a.m.5 views

Austrian Academy of Sciences OpenAtlas 安全漏洞

Austrian Academy of Sciences OpenAtlas is a database application dealing with archaeology and history organized by the Austrian Academy of Sciences in Austria. A security vulnerability exists in Austrian Academy of Sciences OpenAtlas versions prior to 8.12.0, which stems from improper handling of...

8.1CVSS6.4AI score0.00387EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-14191

Malicious code in bioql PyPI...

9.8CVSS7.5AI score0.00569EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/08/20 12:0 a.m.5 views

Scada-LTS 安全漏洞

Scada-LTS is an open source, web-based, multi-platform solution from Scada-LTS Open Source. A security vulnerability exists in Scada-LTS version 2.7.8.1 and earlier, which stems from a cross-site scripting attack due to incorrect manipulation of the parameter Name in the file viewedit.shtm...

5.4CVSS5.9AI score0.00256EPSS
Exploits1References6
Rows per page
Query Builder