EUVD-2015-7578

Malware in sbrugna...

EUVD-2024-22947

Malicious code in bioql PyPI...

PT-2024-16025 · Comfyui · Comfyui

Name of the Vulnerable Software and Affected Versions: comfyanonymous/comfyui version 0.2.2 and possibly earlier Description: A stored cross-site scripting XSS issue exists, allowing an attacker to upload an HTML file with a malicious XSS payload via the "/api/upload/image" endpoint. The payload ...

Subrion CMS Cross-site Scripting

uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads but does block, for example, .htm file uploads...

WordPress 插件 跨站脚本漏洞

WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin Frontend Uploader prior to version 1.3.2, which stems from the fact that the plugin does not prevent the uploading of HTML files, e.g., it allows unauthenticate...

CVE-2018-14840

uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads but does block, for example, .htm file uploads...

Ipswitch MOVEit File Transfer Cross-Site Scripting Vulnerability

Ipswitch MOVEit File Transfer formerly known as DMZ an automated file transfer system from the US company Ipswitch. A cross-site scripting vulnerability exists in Ipswitch MOVEit File Transfer 8.1 and earlier versions, which can be exploited by remote attackers to conduct cross-site scripting...