11 matches found
EUVD-2023-44313
Malicious code in bioql PyPI...
CVE-2022-2254
A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 can store a script that could impact other logged in users...
HTML Attribute Injection
github.com/gohugoio/hugo is vulnerable to HTML Attribute Injection. The vulnerability is due to insufficient sanitization and escaping of HTML attributes in the internal templates, allows untrusted user input, such as Markdown content, to be processed and rendered without proper handling of...
Cross-site Scripting (XSS)
mautic/core is vulnerable to Cross-site Scripting XSS. The vulnerability is due to insufficient validation and sanitization of user input, allowing harmful scripts to be saved and later executed in the context of other users’ sessions...
Cross Site Scripting (XSS)
pimcore/admin-ui-classic-bundle is vulnerable to Cross Site Scripting. The vulnerability is due to the getPreviewDocumentAction function in AssetController.php not having any content validation for PDF files. This allows an attacker to craft a malicious PDF file containing harmful scripts and can...
CVE-2023-3670
In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users...
CVE-2023-3670 Codesys: Vulnerability in CODESYS Development System and CODESYS Scripting
In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users...
CVE-2023-3670 Codesys: Vulnerability in CODESYS Development System and CODESYS Scripting
In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users...
Unrestricted file upload
SAP Disclosure Management, version - 10.1, provides capabilities for authorized users to upload and download content of specific file type. In some file types it is possible to enter formulas which can call external applications or execute scripts. The execution of a payload script on target...
phpfusionXSS.txt
I found an exploit in the current version of php-fusion which allows you to input XSS in the IMG tag. I reported it already to php-fusion and they created a fix for this. Here it goes: By converting the text ie. javascript:alert'test' to their ascii values, the strings between the img/img tags...
Aladdin Knowledge Systems eSafe Gateway 3.0 - HTML tag Script-filtering Bypass
source: https://www.securityfocus.com/bid/2800/info eSafe Gateway is a security utility used for filtering internet content. It is possible to craft an html file that slips through eSafe Gateway's script filtering feature. eSafe Gateway will ignore scripting commands that are embedded in any html...