2 matches found
CVE-2025-71385
Netdata before 2.3.1 is vulnerable to reflected XSS via the love query parameter on /api/v2/ilove.svg and /api/v3/ilove.svg, where the parameter is inserted into the SVG text without escaping. The attack surface includes endpoints with HTTP_ACL_NOCHECK and anonymous access, and bearer-token prote...
PT-2009-2014 · Simple Machines · Simple Machines Forum
Name of the Vulnerable Software and Affected Versions: Simple Machines Forum SMF version 1.1.4 Description: The issue allows remote attackers to potentially execute arbitrary PHP code. This is achieved via a URL in the settingsdefault theme dir parameter to "Sources/Subs-Graphics.php" and...