Lucene search
+L

263 matches found

Rosalinux
Rosalinux
added 2023/10/31 2:7 p.m.39 views

Advisory ROSA-SA-2023-2285

software: clamav 0.103.8 WASP: ROSA-CHROME packageevrstring: clamav-0.103.8-1.src.rpm CVE-ID: CVE-2022-20698 BDU-ID: 2022-00587 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the Clam AntiVirus software package is related to insufficient input validation. Exploitation of the vulnerability could...

7.8CVSS6.6AI score0.0663EPSS
Exploits1
OSV
OSV
added 2023/10/17 4:15 p.m.2 views

CVE-2023-27133

TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILESX86%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remot...

9.8CVSS7.3AI score0.00797EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/10/17 12:0 a.m.3 views

PT-2023-20971 · Tsplus · Tsplus Remote Work

Name of the Vulnerable Software and Affected Versions: TSplus Remote Work version 16.0.0.0 Description: The issue is related to weak permissions for certain file types, including .exe, .js, and .html files, located under the %PROGRAMFILESX86%TSplus-RemoteWorkClientswww folder. This weakness may...

9.8CVSS9.5AI score0.00797EPSS
Exploits1References6
CNNVD
CNNVD
added 2023/09/15 12:0 a.m.6 views

FileBrowser 跨站脚本漏洞

FileBrowser is an open source web file browser. Provides a file management interface in a specified directory , can be used to upload , delete , preview , rename and edit your files . FileBrowser has a cross-site scripting vulnerability that can be exploited by an attacker to escalate privileges ...

9CVSS6.3AI score0.00725EPSS
Exploits1References5
Veracode
Veracode
added 2023/08/08 7:41 a.m.25 views

Cross-site Scripting (XSS)

cockpit-hq/cockpit is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to bootstrap.php accepting html files as an upload, which allows an attacker to inject and execute malicious Javascript into the browser...

5.4CVSS6.6AI score0.00408EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2023/05/08 11:52 a.m.14 views

Cross-Site Scripting (XSS)

serenity.net.services and serenity.net.core are vulnerable to Cross-Site Scripting XSS attacks. The library does not properly check for specific prohibited file types, allowing an attacker to upload malicious .html or .htm files containing XSS payloads...

6.1CVSS5.6AI score0.00785EPSS
Exploits1References5Affected Software2
Snyk
Snyk
added 2023/04/27 3:30 a.m.5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS such that when users upload temporary files it is possible to upload .html or .htm files containing a malicious payload. The resulting link can be sent to an administrator user. Details Cross-site scripting or X...

6.1CVSS5.4AI score0.00785EPSS
Exploits1References2
OSV
OSV
added 2023/03/12 5:15 a.m.7 views

CVE-2021-46875

An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An XSS attack can occur because JavaScript code can be uploaded in a .html or .js file...

6.1CVSS5.5AI score0.00398EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/03/12 12:0 a.m.6 views

Ez Systems eZ Platform 跨站脚本漏洞

Ez Systems eZ Platform is a content management system CMS based on the Symfony framework from Ez Systems, Norway. A security vulnerability exists in eZ Platform Ibexa Kernel versions prior to 1.3.1.1, which stems from JavaScript code that can be uploaded in .html or .js files...

6.1CVSS6.3AI score0.00398EPSS
Exploits0References3
NVD
NVD
added 2023/02/03 8:15 p.m.61 views

CVE-2023-23937

Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid...

8.2CVSS8.1AI score0.00476EPSS
Exploits0References2
Veracode
Veracode
added 2022/12/30 6:32 a.m.26 views

Cross-site Scripting (XSS)

github.com/gotify/server is vulnerable to cross site scripting. The vulnerability exists in the UploadApplicationImage function in application.go because it allows authenticated users to upload html files where attacker could execute client side scripts...

6.1CVSS5.5AI score0.00502EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2022/12/29 12:0 a.m.14 views

PT-2022-27792 · Unknown · Gotify Server

Name of the Vulnerable Software and Affected Versions: Gotify server versions prior to 2.2.2 Description: The Gotify server contains an issue that allows authenticated users to upload .html files, which can lead to the execution of client-side scripts if another user opens a link. This could...

6.1CVSS7AI score0.00502EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2022/12/13 12:0 a.m.6 views

CVE-2022-43996

The csafprovider package before 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html. The endpoint upload allows valid CSAF advisories JSON format to be uploaded with Content-Type text/html and filenames ending in .html. When subsequently accessed via web browser, these advisories a...

5.5AI score0.00454EPSS
Exploits0References1
Huntr
Huntr
added 2022/11/22 4:9 p.m.9 views

DOM-based Cross-site Scripting (DXSS) Vulnerability

Description Two CalendarXP products have DXSS vulnerability in common parts of HTML files. CalendarXP FlatCalendarXP through 10.0.1 has DXSS vulnerability in iflateng.htm and nflateng.htm, and CalendarXP PopCalendarXP through 10.0.1 has DXSS vulnerability in ipopeng.htm and npopeng.htm. Proof of...

0.3AI score
Exploits0
Github Security Blog
Github Security Blog
added 2022/11/10 4:2 p.m.24 views

Read the Docs vulnerable to Cross-Site Scripting (XSS)

Impact This vulnerability allowed a malicious user to serve arbitrary HTML files from the main application domain readthedocs.org/readthedocs.com by exploiting a vulnerability in the code that serves downloadable content from a project. Exploiting this would have required the attacker to get a...

0.3AI score
Exploits0References3Affected Software1
OSV
OSV
added 2022/11/10 4:2 p.m.16 views

GHSA-98PF-GFH3-X3MP Read the Docs vulnerable to Cross-Site Scripting (XSS)

Impact This vulnerability allowed a malicious user to serve arbitrary HTML files from the main application domain readthedocs.org/readthedocs.com by exploiting a vulnerability in the code that serves downloadable content from a project. Exploiting this would have required the attacker to get a...

7AI score
Exploits0References3
OpenVAS
OpenVAS
added 2022/10/27 12:0 a.m.33 views

Fedora: Security Advisory for libxml2 (FEDORA-2022-aeafd24818)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.4AI score0.22791EPSS
Exploits2References2
Veracode
Veracode
added 2022/07/14 5:40 p.m.25 views

Cross Site Scripting (XSS)

Prestashop is vulnerable to cross site scripting. The product catalog feature allows for an admin to upload arbitrary .html files with...

4.8CVSS5.6AI score0.00631EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/06/13 12:42 p.m.44 views

CVE-2022-1777 Filr - Secure Document Library < 1.2.2.1 - Subscriber+ AJAX Calls

The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. They are are protected with a nonce, however the nonce is leaked on the dashboard. This could allow them to upload...

8.7AI score0.01263EPSS
Exploits2References1
Github Security Blog
Github Security Blog
added 2022/05/24 4:55 p.m.14 views

Total.js CMS Path Traversal

An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the Pages privilege can conduct a path traversal attack ../ to include .html files that are outside the permitted directory. Also, if a page contains a template directive, then the directive will be server side processed...

8.8CVSS7.3AI score0.05119EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder