4 matches found
EUVD-2026-38796
A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.getavatar function...
CVE-2026-50700
A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.getavatar function...
CVE-2026-12136
The Customize My Account For Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sysbasicsuseravatar' shortcode in versions up to, and including, 4.3.6. This is due to insufficient input sanitization and output escaping on user supplied attributes minheight,...
CyreneAdmin 路径遍历漏洞
CyreneAdmin is a backend management system developed by CoCoTea’s individual developers. Versions of CyreneAdmin prior to 1.3.0 contained a path traversal vulnerability. This vulnerability stemmed from incorrect handling of the parameter “Avatar” in files/api/system/user/getAvatar, which could le...