11 matches found
DataEase Code Issues Vulnerabilities
DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insight into business trends to achieve business improvement and optimization. A code issue vulnerability exists in DataEase versions prior to 1.18.11. The vulnerability stems...
CVE-2023-30791 Plane 0.7.1 - Insecure file upload
Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript...
SUSE CVE-2021-30565
Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page...
GHSA-PWVP-H579-HFXG Total.js CMS Path Traversal
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the Pages privilege can conduct a path traversal attack (../) to include .html files that are outside the permitted directory. Also, if a page contains a template directive, then the directive will be server side processed...
Cross-site Scripting in ShowDoc
The upload feature of ShowDoc prior to version 2.10.4 allows files with the extension .html, which leads to stored cross-site scripting...
PT-2022-13550 · Showdoc · Showdoc
Name of the Vulnerable Software and Affected Versions: showdoc versions prior to 2.10.4 Description: The issue concerns an unrestricted upload of files with dangerous types in the GitHub repository star7th/showdoc. This is due to the upload feature allowing files with the extension .html, which c...
CVE-2019-15952
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the Pages privilege can conduct a path traversal attack (../) to include .html files that are outside the permitted directory. Also, if a page contains a template directive, then the directive will be server side processed...
Path traversal
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the Pages privilege can conduct a path traversal attack (../) to include .html files that are outside the permitted directory. Also, if a page contains a template directive, then the directive will be server side processed...
CVE-2018-18965
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but there are several alternative cases in which HTML can be executed, such as a file with no extension or an unrecognized extension e.g.,...
CVE-2018-18966
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but Internet Explorer renders HTML elements in a .eml file...
SA-2007-026 - Drupal Core - Cross site scripting via uploads
The allowed extension list of the core Upload module contains the extension HTML by default. Such files can be used to execute arbitrary script code in the context of the affected site when a user views the file. Revoking upload permissions or removing the .html extension from the allowed extensi...