10 matches found
Magento LTS: Reflected XSS - Import -> Data Flow (profiles)
A reflected XSS vulnerability was found under admin panel - System - Import/Export - Dataflow - Profiles. Steps to produce + Login to the admin panel + Go to the path System - Import/Export - Dataflow - Profiles + Select profile direction as Import. + Click on Import Customers + Upload the file...
PT-2026-38267
A reflected XSS vulnerability was found under admin panel - System - Import/Export - Dataflow - Profiles. Steps to produce + Login to the admin panel + Go to the path System - Import/Export - Dataflow - Profiles + Select profile direction as Import. + Click on Import Customers + Upload the file...
SUSE CVE-2025-45160
A HTML injection vulnerability exists in the file upload functionality of Cacti , , into the rendered page. NOTE: Multiple third-parties including the maintainer have stated that they cannot reproduce this issue after 1.2.27...
DEBIAN-CVE-2025-45160
A HTML injection vulnerability exists in the file upload functionality of Cacti , , into the rendered page. NOTE: Multiple third-parties including the maintainer have stated that they cannot reproduce this issue after 1.2.27...
EUVD-2025-206538
A HTML injection vulnerability exists in the file upload functionality of Cacti , , into the rendered page...
CVE-2025-63419
Cross Site Scripting XSS vulnerability in CrushFTP 11.3.648. The Web-Based Server has a feature where users can share files, the feature reflects the filename to an emailbody field with no sanitations leading to HTML Injection...
EUVD-2025-131917
Cross Site Scripting XSS vulnerability in CrushFTP 11.3.648. The Web-Based Server has a feature where users can share files, the feature reflects the filename to an emailbody field with no sanitations leading to HTML Injection...
CVE-2025-63419
Cross Site Scripting XSS vulnerability in CrushFTP 11.3.648. The Web-Based Server has a feature where users can share files, the feature reflects the filename to an emailbody field with no sanitations leading to HTML Injection...
CVE-2025-63419
Cross Site Scripting XSS vulnerability in CrushFTP 11.3.648. The Web-Based Server has a feature where users can share files, the feature reflects the filename to an emailbody field with no sanitations leading to HTML Injection...
WordPress: Stored XSS on Broken Themes via filename
Hi, I've found something here, Description XSS Stored because filename of theme when broken, So when theme is broken, Wordpress will inform the name of theme who has been broken which is the folder name of theme and inform the error with description message. F342862 Looks like the filename is...