262 matches found
PT-2024-6158
Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version Description The issue is related to a Windows MSHTML platform spoofing vulnerability, which allows attackers to execute arbitrary code remotely. This vulnerability has been exploited by the...
CVE-2024-6306
...
CVE-2024-6306
CVE-2024-6306 is a duplicate of CVE-2024-32111. Connected sources detail a Path Traversal vulnerability in WordPress core, describing improper pathname handling that allowed relative path traversal across multiple versions. The OSV/NVD entries specify affected versions up to WordPress 6.5.4 and i...
[SECURITY] Fedora 39 Update: rust-elfcat-0.1.8-10.fc39
ELF visualizer. Generates HTML files from ELF binaries...
[SECURITY] Fedora 40 Update: rust-elfcat-0.1.8-10.fc40
ELF visualizer. Generates HTML files from ELF binaries...
Stored Cross-Site Scripting (XSS)
nocodb is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper sanitization when viewing uploaded HTML files, allowing malicious scripts to be executed when the file is opened in a browser...
CVE-2024-32657
Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is...
MGASA-2024-0105 Updated w3m packages fix security vulnerabilities
An out-of-bounds read flaw was found in w3m, in the Strnewsize function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file. CVE-2023-38252 An out-of-bounds read flaw was found in w3m, in the growbuftoStr function in indep.c. This issue may allow an...
The vulnerability in the phpMyFAQ web application allows attackers to perform cross-site scripting (XSS) attacks.
The vulnerability in the phpMyFAQ web application is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks XSS using specially created .html files...
CVE-2024-25627
CVE-2024-25627 affects Alf.io. The vulnerability is an XSS via HTML file upload that requires administrative access to trigger a JavaScript payload, enabling persistence if an attacker gains admin rights. Affected software is Alf.io prior to version 2.0-M4-2402; the issue has been addressed in ve...
Cross-site Scripting
statamic/cms is vulnerable to Cross-site Scripting. The vulnerability is due to there is no sanitizing or validating the contents of uploaded files. This allows attackers to upload HTML files disguised as JPG files, enabling the execution of malicious scripts...
CVE-2024-24570 Statamic account takeover via XSS and password reset link
Statamic is a Laravel and Git powered CMS. HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects the front-end forms with asset fields without any mime type validation, asset fields in the control panel, and asset browser in the control panel...
CVE-2023-51252
PublicCMS 4.0 is vulnerable to Cross Site Scripting XSS. Because files can be uploaded and online preview function is provided, pdf files and html files containing malicious code are uploaded, an XSS popup window is realized through online viewing...
GHSA-8JJH-J3C2-CJCV Cross-site Scripting via uploaded assets
Impact HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or within the control panel which requires authentication. Patches It has been patched on 3.4.15 and 4.36.0...
CVE-2023-47314
Headwind MDM Web panel 5.22.1 is vulnerable to cross-site scripting XSS. The file upload function allows APK and arbitrary files to be uploaded. By exploiting this issue, attackers may upload HTML files and share the download URL pointing to these files with the victims. As the file download...
CVE-2023-47314
Headwind MDM Web panel 5.22.1 is vulnerable to cross-site scripting XSS. The file upload function allows APK and arbitrary files to be uploaded. By exploiting this issue, attackers may upload HTML files and share the download URL pointing to these files with the victims. As the file download...
CVE-2023-47314
Headwind MDM Web panel 5.22.1 is vulnerable to cross-site scripting XSS. The file upload function allows APK and arbitrary files to be uploaded. By exploiting this issue, attackers may upload HTML files and share the download URL pointing to these files with the victims. As the file download...
CVE-2023-48701
Statamic CMS is a Laravel and Git powered content management system CMS. Prior to versions 3.4.15 an 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or...
Authentication flaw
Statamic CMS is a Laravel and Git powered content management system CMS. Prior to versions 3.4.15 an 4.36.0, HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or...
Advisory ROSA-SA-2023-2285
software: clamav 0.103.8 WASP: ROSA-CHROME packageevrstring: clamav-0.103.8-1.src.rpm CVE-ID: CVE-2022-20698 BDU-ID: 2022-00587 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the Clam AntiVirus software package is related to insufficient input validation. Exploitation of the vulnerability could...